Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Search Redirect Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.09.2011, 08:23   #1
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Hallo,

Ich leide seit langer Zeit an das Redirect-Virus und irgendwie ist es in letzter Zeit schlimmer geworden so das Google praktisch unnutzbar ist. Das beste, was ich erreichen konnte, ist die Hosts zu blockieren, aber jetzt kriege ich einfach eine leere statt die gewünschte Seite.

Ich habe folgendes Thema gelesen und dementsprechend die ersten 2 Scans ausgeführt. Die Logs habe ich angehängt

http://www.trojaner-board.de/96793-g...entfernen.html

vielen Dank im voraus
Angehängte Dateien
Dateityp: txt OTL.Txt (87,7 KB, 180x aufgerufen)
Dateityp: txt mbam-log-2011-09-10 (07-49-09).txt (1,2 KB, 153x aufgerufen)
Dateityp: txt Extras.Txt (63,4 KB, 173x aufgerufen)

Alt 11.09.2011, 14:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Hallo und

1.) Die Funde mit Malwarebytes müssen immer entfernt werden!
2.) Du hast keinen Vollscan mit Malwarebytes gemacht
3.) Das OTL-Log stammt nicht von einem CustomScan, daher das hier jetzt machen:


Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 12.09.2011, 07:59   #3
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Hallo und danke für die Antwort. Malwarebytes hat nichts gefunden. Hier der Inhalt von OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/12/2011 3:19:54 AM - Run 2
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\WiNas\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.98 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 46.34% Memory free
7.96 Gb Paging File | 5.54 Gb Available in Paging File | 69.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 48.28 Gb Free Space | 17.66% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 177.90 Gb Free Space | 98.69% Space Free | Partition Type: NTFS
 
Computer Name: WINAS-MSI | User Name: WiNas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\WiNas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files (x86)\Giraffic\Giraffic.exe (Giraffic)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\js3250.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWLAN.dll ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\dot1x_dll.dll ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\SSLEAY32.dll ()
MOD - C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\LIBEAY32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SW2SVC) -- C:\Program Files (x86)\SecureW2\sw2_service.exe (SecureW2 B.V.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\smserial.sys (Motorola Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron )
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsi Software GmbH)
DRV - (MSI_DVD_010507) -- C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys ()
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSI | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\WiNas\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/20 15:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/20 15:26:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 08:28:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/08 09:08:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\WiNas\AppData\Roaming\Move Networks [2011/02/10 22:20:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\WiNas\AppData\Roaming\IDM\idmmzcc3
 
[2011/02/05 13:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WiNas\AppData\Roaming\mozilla\Extensions
[2011/09/11 20:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WiNas\AppData\Roaming\mozilla\Firefox\Profiles\rkqgl2a9.default\extensions
[2011/05/22 22:51:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\WiNas\AppData\Roaming\mozilla\Firefox\Profiles\rkqgl2a9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/01 11:34:27 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\WiNas\AppData\Roaming\mozilla\Firefox\Profiles\rkqgl2a9.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011/04/01 11:34:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\WiNas\AppData\Roaming\mozilla\Firefox\Profiles\rkqgl2a9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/01 11:34:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\WiNas\AppData\Roaming\mozilla\Firefox\Profiles\rkqgl2a9.default\extensions\engine@conduit.com
[2011/02/05 16:42:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\WiNas\AppData\Roaming\mozilla\Firefox\Profiles\rkqgl2a9.default\extensions\firefox@tvunetworks.com
[2011/07/26 13:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/03/20 16:51:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/07 23:58:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/26 13:54:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/23 13:46:21 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2011/03/20 15:26:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/20 15:26:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/02/10 22:20:39 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\WINAS\APPDATA\ROAMING\MOVE NETWORKS
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/12/03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/12/03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/12/03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DietPower 4.4 Update Setup]  File not found
O4 - HKCU..\Run: [DietPower 4.4 Update Setup for All Users] C:\ProgramData\{7689A553-874D-4F62-ABC0-C6643D2F1962}\DietPowerSetup.exe (DietPower                                                                                                                                                                                                                                                                                                   )
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\WiNas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.174 80.69.100.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2CACF33-E2B9-4793-9631-3FB4D223DD80}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF866FC9-228E-4F8B-9795-3FDF916ECE23}: DhcpNameServer = 80.69.100.174 80.69.100.206
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: 89177300.sys - Driver
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 89177300.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: 89177300.sys - Driver
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 89177300.sys - Driver
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A72E5B11-AA78-4E19-1810-2E72E537BAF3} - Browser Customizations
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {572D76C2-DC7B-6629-4616-7AF6A23A2DB7} - Microsoft Windows Media Player 12.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {613A70D5-EC22-69AC-7113-23C19F0CD6B3} - Microsoft Windows Media Player 12.0
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AE3397DF-4F5E-86FB-006E-3589382333C2} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/10 10:39:38 | 000,000,000 | ---D | C] -- C:\fifatrax
[2011/09/10 10:34:44 | 000,000,000 | ---D | C] -- C:\OUT_MEDIA_FILES
[2011/09/10 10:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alt MP3 Bitrate Converter
[2011/09/10 10:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alt MP3 Bitrate Converter
[2011/09/10 10:18:06 | 000,000,000 | ---D | C] -- C:\fifa
[2011/09/10 10:14:09 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\fifafs_for_windows
[2011/09/10 07:49:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\security
[2011/09/10 07:36:05 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Roaming\Malwarebytes
[2011/09/10 07:35:55 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/09/10 07:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/10 07:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/10 07:35:52 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/09/10 07:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/08 20:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/09/08 20:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/09/08 20:03:58 | 000,000,000 | ---D | C] -- C:\Users\WiNas\Documents\Anti-Malware
[2011/09/08 09:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/08 09:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/09/08 09:06:08 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{87AB4034-485A-44B4-806B-6911ED60844C}
[2011/09/08 09:05:57 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{D121D2DD-4CDA-4A05-ABF3-A944862255DB}
[2011/09/08 08:27:43 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{CCDE0272-9B82-4C1C-B78D-A63CB1A8F2A8}
[2011/09/08 08:27:28 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{B44E1AC0-8721-4061-B326-B2C46D7D69AA}
[2011/09/07 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{EB6F3E4B-6B85-451A-A625-D882D159629B}
[2011/09/07 20:49:48 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{C092D487-FC86-479F-B152-CF13DA2A66CA}
[2011/09/07 12:09:41 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{9BE554E7-A24E-420D-985E-6B68EEFAEB32}
[2011/09/07 12:09:29 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{DD6A2581-9D5D-4052-957E-8F64D2ED005C}
[2011/09/06 23:56:42 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{20E7E534-407A-4F63-BD09-9C5FCDFC67C3}
[2011/09/06 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{E9022E82-900E-4D5A-A23B-1190BF8D2D45}
[2011/09/06 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{BD77C386-222B-4DC4-9926-7090D89EFFAF}
[2011/09/06 10:53:09 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{8A485EB9-5628-41EE-B777-40F9927DF0FA}
[2011/09/04 23:08:54 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{0695E327-28D2-4431-A384-6454735AD643}
[2011/09/04 23:08:40 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{E431A4CF-6B1B-4AF1-AD30-7022892D916E}
[2011/09/04 01:03:14 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{2AC46F4F-F7EF-46CA-89AF-1A930A86D1A8}
[2011/09/04 01:03:02 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{09F2D29C-0ABA-4D75-86CA-5C970A668D22}
[2011/09/03 09:47:50 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{44C6C7A5-26D0-4FA4-B6B5-3F9162C863E8}
[2011/09/03 09:47:38 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{7B480D3A-E12C-4D37-A361-EBAED245474B}
[2011/09/02 22:58:00 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{8A59DB00-D446-48D7-BEB1-2DD5BEBB1011}
[2011/09/02 22:57:48 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{E4DA1ABA-0D30-4D08-96C1-99D14869C593}
[2011/09/02 15:51:57 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{E7D9A6D6-EA7D-40ED-B6B1-85AFCD7A6F88}
[2011/09/02 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{F4DFE619-73A5-4205-A856-FABEC4D7AA51}
[2011/09/02 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{372CCE58-A4D7-4F98-988E-6F35EEAD7903}
[2011/09/02 15:11:53 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{35A71176-B610-4E3D-BD35-4AD009518841}
[2011/09/02 15:09:57 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{33ECF9DD-9235-43A9-8135-904F2A060DE6}
[2011/09/02 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{CF52C7A6-4A19-403F-96BD-D7BF54ECDA7B}
[2011/08/23 16:18:01 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{40CCD2C6-C0A8-4BBB-B006-725610E0F890}
[2011/08/23 16:17:49 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{48FCAB44-5E34-42A4-9D3E-0206BBAE9413}
[2011/08/23 11:00:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stillspying
[2011/08/23 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{1608460F-3418-4805-8453-86EBF40263EF}
[2011/08/23 09:22:27 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{12B13185-F44F-499C-A3BC-2BB61F7DDD70}
[2011/08/20 14:26:00 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{15B65295-F3A8-46CA-B2DD-71C4A73B79B7}
[2011/08/19 00:48:12 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{072C33D3-3A5C-453A-8383-9499DC65F545}
[2011/08/18 11:54:41 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{C7E29A62-B5CD-4015-93A3-3402AFAF5D5A}
[2011/08/17 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{08C90FAB-26B6-41B1-968E-02D25A510943}
[2011/08/17 18:18:30 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{2D37F762-1037-4534-80D5-C66238FD0418}
[2011/08/17 15:13:11 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{1F264C19-53A3-4ECF-843B-68E2DF983C39}
[2011/08/17 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{CE251AE7-73BB-4860-B175-C1960FD2952B}
[2011/08/17 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{3AB5685B-CD56-48F1-8061-251089E938FD}
[2011/08/17 13:14:55 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{25987FC3-68DB-471D-8302-238F61E45FC5}
[2011/08/16 22:48:12 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{FCE706BF-8235-49FA-9AC0-3095D00646C7}
[2011/08/16 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{555C34F4-0B6E-48C9-A0BD-EC2265E98A72}
[2011/08/13 10:58:29 | 000,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\windows\SysWow64\ZDPN50.dll
[2011/08/13 10:58:29 | 000,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\windows\SysWow64\ZDBRGDLL.dll
[2011/08/13 10:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZyDAS IEEE 802.11g Wireless LAN - USB
[2011/08/13 10:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZyDAS Technology Corporation
[2011/08/13 08:29:55 | 000,000,000 | ---D | C] -- C:\Users\WiNas\AppData\Local\{2E97E5F9-8B0E-46F8-9F1E-6678D5F57584}
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/11 08:49:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/09/10 08:04:49 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 08:04:49 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 08:04:16 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/09/10 08:04:16 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/09/10 08:04:16 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/09/10 08:04:16 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/09/10 08:04:16 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/09/10 07:57:16 | 000,000,302 | -HS- | M] () -- C:\windows\tasks\YWAUA.job
[2011/09/10 07:56:59 | 3207,114,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 09:08:30 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/04 16:32:24 | 000,049,873 | ---- | M] () -- C:\Users\WiNas\Desktop\22222222.wma
[2011/09/04 16:30:42 | 000,072,323 | ---- | M] () -- C:\Users\Public\Documents\22.wma
[2011/09/04 16:30:11 | 000,112,733 | ---- | M] () -- C:\Users\WiNas\Desktop\1111.wma
[2011/09/04 16:26:34 | 000,081,303 | ---- | M] () -- C:\Users\WiNas\Desktop\Unbenannt.wma
[2011/09/04 13:26:30 | 000,076,813 | ---- | M] () -- C:\Users\Public\Documents\Unbenannt.wma
[2011/08/29 23:04:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2011/08/25 11:25:35 | 000,061,952 | RHS- | M] () -- C:\windows\SysWow64\msdrmz.dll
[2011/08/17 17:52:35 | 484,365,547 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/08/13 10:58:29 | 000,002,199 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/08 09:07:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/08 09:07:45 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/04 16:32:24 | 000,049,873 | ---- | C] () -- C:\Users\WiNas\Desktop\22222222.wma
[2011/09/04 16:30:41 | 000,072,323 | ---- | C] () -- C:\Users\Public\Documents\22.wma
[2011/09/04 16:30:10 | 000,112,733 | ---- | C] () -- C:\Users\WiNas\Desktop\1111.wma
[2011/09/04 16:26:34 | 000,081,303 | ---- | C] () -- C:\Users\WiNas\Desktop\Unbenannt.wma
[2011/09/04 13:26:17 | 000,076,813 | ---- | C] () -- C:\Users\Public\Documents\Unbenannt.wma
[2011/08/29 23:04:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_xusb21_01007.Wdf
[2011/08/25 11:25:35 | 000,061,952 | RHS- | C] () -- C:\windows\SysWow64\msdrmz.dll
[2011/08/25 11:25:35 | 000,000,302 | -HS- | C] () -- C:\windows\tasks\YWAUA.job
[2011/08/13 10:58:29 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\InsDrvZD.dll
[2011/08/13 10:58:29 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\ZyDelReg.exe
[2011/08/13 10:58:29 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/05/11 22:12:58 | 000,000,036 | ---- | C] () -- C:\Users\WiNas\AppData\Local\housecall.guid.cache
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/03/20 16:52:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/17 19:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/17 23:14:51 | 000,669,184 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2011/02/17 23:14:51 | 000,103,736 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011/02/17 23:14:51 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011/02/07 06:15:50 | 000,000,178 | ---- | C] () -- C:\Users\WiNas\AppData\Roaming\wklnhst.dat
[2010/04/09 11:59:48 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/18 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Anthropics
[2011/08/17 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Audacity
[2011/04/23 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\BlackBean
[2011/02/11 18:16:51 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\DAEMON Tools Lite
[2011/02/11 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\DMCache
[2011/02/11 17:16:01 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\FlashGet
[2011/02/23 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Leadertech
[2011/02/07 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Mael
[2011/07/01 12:52:25 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\OpenOffice.org
[2011/02/11 17:20:14 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\ProtectDISC
[2011/02/07 06:15:52 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Template
[2011/03/13 20:50:19 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\The Creative Assembly
[2011/06/13 22:00:56 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Toon Boom Animation
[2011/07/27 11:56:10 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\uTorrent
[2009/07/14 07:08:49 | 000,018,730 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011/09/10 07:57:16 | 000,000,302 | -HS- | M] () -- C:\windows\Tasks\YWAUA.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/02/02 20:38:48 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Adobe
[2011/04/18 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Anthropics
[2011/02/02 16:01:13 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\ArcSoft
[2011/02/02 16:00:27 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\ATI
[2011/08/17 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Audacity
[2011/04/23 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\BlackBean
[2011/02/11 18:16:51 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\DAEMON Tools Lite
[2011/06/16 01:32:00 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\DivX
[2011/02/11 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\DMCache
[2011/02/11 17:16:01 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\FlashGet
[2011/02/02 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Identities
[2011/02/02 15:59:31 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\InstallShield
[2011/02/02 16:00:32 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Intel Corporation
[2011/02/23 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Leadertech
[2011/02/02 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Macromedia
[2011/02/07 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Mael
[2011/09/10 07:36:05 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Malwarebytes
[2010/04/16 21:24:51 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Media Center Programs
[2011/07/22 23:52:44 | 000,000,000 | --SD | M] -- C:\Users\WiNas\AppData\Roaming\Microsoft
[2011/02/10 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Move Networks
[2011/02/05 13:59:25 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Mozilla
[2011/07/01 12:52:25 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\OpenOffice.org
[2011/02/11 17:20:14 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\ProtectDISC
[2011/02/12 18:33:27 | 000,000,000 | RH-D | M] -- C:\Users\WiNas\AppData\Roaming\SecuROM
[2011/03/20 17:12:52 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Skype
[2011/03/20 17:01:28 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\skypePM
[2011/02/07 06:15:52 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Template
[2011/03/13 20:50:19 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\The Creative Assembly
[2011/06/13 22:00:56 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\Toon Boom Animation
[2011/07/27 11:56:10 | 000,000,000 | ---D | M] -- C:\Users\WiNas\AppData\Roaming\uTorrent
 
< %APPDATA%\*.exe /s >
[2011/05/02 05:53:29 | 000,386,560 | ---- | M] (Octoshape ApS) -- C:\Users\WiNas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2011/02/10 22:20:39 | 000,143,973 | ---- | M] () -- C:\Users\WiNas\AppData\Roaming\Move Networks\uninstall.exe
[2009/09/24 23:45:48 | 000,097,216 | ---- | M] () -- C:\Users\WiNas\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\windows\SysNative\drivers\iaStor.sys
[2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/04/16 22:08:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/04/16 22:08:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010/04/16 22:08:22 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/08/25 11:25:35 | 000,061,952 | RHS- | M] () Unable to obtain MD5 -- C:\windows\system32\msdrmz.dll
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
[2011/02/13 13:12:42 | 000,000,000 | ---D | M](C:\Users\WiNas\Documents\??? ????) -- C:\Users\WiNas\Documents\Мои игры
[2011/02/13 13:12:42 | 000,000,000 | ---D | C](C:\Users\WiNas\Documents\??? ????) -- C:\Users\WiNas\Documents\Мои игры

< End of report >
         
--- --- ---
__________________

Alt 12.09.2011, 11:47   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Trotzdem immer alle Logs von Malwarebytes posten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.09.2011, 13:31   #5
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Da ist es. Danke schön

Zitat:
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7696

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.09.2011 23:50:13
mbam-log-2011-09-11 (23-50-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 449853
Laufzeit: 46 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 12.09.2011, 14:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Führe auch bitte ESET aus, danach sehen wir weiter.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.
__________________
--> Search Redirect Virus

Alt 13.09.2011, 21:47   #7
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Die logs von ESE:

Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4e383b588e9b6f478c2e78cc196129ea
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-12 02:03:36
# local_time=2011-09-12 04:03:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 1370851 67466040 0 0
# compatibility_mode=8192 67108863 100 0 135 135 0 0
# scanned=362
# found=0
# cleaned=0
# scan_time=26
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4e383b588e9b6f478c2e78cc196129ea
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-12 04:22:49
# local_time=2011-09-12 06:22:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 1370925 67466114 0 0
# compatibility_mode=8192 67108863 100 0 209 209 0 0
# scanned=16106
# found=1
# cleaned=0
# scan_time=8305
C:\Program Files (x86)\Cheat Engine 6\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4e383b588e9b6f478c2e78cc196129ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-13 04:59:13
# local_time=2011-09-13 06:59:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 1430725 67525914 0 0
# compatibility_mode=8192 67108863 100 0 60009 60009 0 0
# scanned=304309
# found=1
# cleaned=0
# scan_time=37089
C:\Users\WiNas\Downloads\Dirt.3-SKIDROW\sr-dirt3.iso a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I

Alt 14.09.2011, 06:44   #8
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Sorry für das Doppelpost, wollte nur sagen dass das "Befund" oben nur ein Spieltrainer ist

Alt 14.09.2011, 13:21   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
SafeBootMin:64bit: 89177300.sys - Driver
SafeBootMin: 89177300.sys - Driver
SafeBootNet:64bit: 89177300.sys - Driver
SafeBootNet: 89177300.sys - Driver
[2011/09/10 07:57:16 | 000,000,302 | -HS- | M] () -- C:\windows\tasks\YWAUA.job
[2011/08/25 11:25:35 | 000,061,952 | RHS- | C] () -- C:\windows\SysWow64\msdrmz.dll
[2011/08/25 11:25:35 | 000,000,302 | -HS- | C] () -- C:\windows\tasks\YWAUA.job
[2011/08/13 10:58:29 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\InsDrvZD.dll
[2011/08/13 10:58:29 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\ZyDelReg.exe
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.09.2011, 17:44   #10
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Hallo wieder:

Zitat:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\tbuTor.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SafeBootMin 89177300.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89177300.sys\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeBootNet 89177300.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89177300.sys\ deleted successfully.
C:\Windows\Tasks\YWAUA.job moved successfully.
C:\Windows\SysWOW64\msdrmz.dll moved successfully.
File C:\windows\tasks\YWAUA.job not found.
C:\Windows\SysWOW64\InsDrvZD.dll moved successfully.
C:\Windows\SysWOW64\ZyDelReg.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: WiNas
->Temp folder emptied: 1905953411 bytes
->Temporary Internet Files folder emptied: 100812872 bytes
->Java cache emptied: 2244681 bytes
->FireFox cache emptied: 108200320 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 2024132 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 453891 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102408916 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 53328554 bytes

Total Files Cleaned = 2,173.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09142011_173146

Files\Folders moved on Reboot...
C:\Users\WiNas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 14.09.2011, 21:46   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.09.2011, 17:38   #12
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



0 Objects found:

Zitat:
2011/09/15 17:35:59.0229 4904 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/15 17:35:59.0502 4904 ================================================================================
2011/09/15 17:35:59.0502 4904 SystemInfo:
2011/09/15 17:35:59.0502 4904
2011/09/15 17:35:59.0502 4904 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/15 17:35:59.0502 4904 Product type: Workstation
2011/09/15 17:35:59.0503 4904 ComputerName: WINAS-MSI
2011/09/15 17:35:59.0503 4904 UserName: WiNas
2011/09/15 17:35:59.0503 4904 Windows directory: C:\windows
2011/09/15 17:35:59.0503 4904 System windows directory: C:\windows
2011/09/15 17:35:59.0503 4904 Running under WOW64
2011/09/15 17:35:59.0503 4904 Processor architecture: Intel x64
2011/09/15 17:35:59.0503 4904 Number of processors: 8
2011/09/15 17:35:59.0503 4904 Page size: 0x1000
2011/09/15 17:35:59.0503 4904 Boot type: Normal boot
2011/09/15 17:35:59.0503 4904 ================================================================================
2011/09/15 17:36:00.0317 4904 Initialize success
2011/09/15 17:36:20.0857 6844 ================================================================================
2011/09/15 17:36:20.0857 6844 Scan started
2011/09/15 17:36:20.0857 6844 Mode: Manual;
2011/09/15 17:36:20.0857 6844 ================================================================================
2011/09/15 17:36:22.0666 6844 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2011/09/15 17:36:22.0791 6844 a2acc (0b8ed3de81ec30ad50873f033b34b39e) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
2011/09/15 17:36:22.0869 6844 a2injectiondriver (f75ddc4047aa1ac85164445cba7601ef) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
2011/09/15 17:36:22.0916 6844 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
2011/09/15 17:36:22.0978 6844 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/09/15 17:36:23.0025 6844 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/09/15 17:36:23.0103 6844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/09/15 17:36:23.0165 6844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/09/15 17:36:23.0228 6844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/09/15 17:36:23.0321 6844 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
2011/09/15 17:36:23.0399 6844 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\windows\system32\DRIVERS\agrsm64.sys
2011/09/15 17:36:23.0493 6844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/09/15 17:36:23.0555 6844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/09/15 17:36:23.0602 6844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/09/15 17:36:23.0649 6844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/09/15 17:36:23.0899 6844 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\windows\system32\DRIVERS\atikmdag.sys
2011/09/15 17:36:24.0179 6844 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\windows\system32\DRIVERS\atikmpag.sys
2011/09/15 17:36:24.0257 6844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/09/15 17:36:24.0304 6844 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
2011/09/15 17:36:24.0335 6844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/09/15 17:36:24.0367 6844 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
2011/09/15 17:36:24.0413 6844 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/09/15 17:36:24.0476 6844 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/09/15 17:36:24.0507 6844 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/09/15 17:36:24.0554 6844 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/09/15 17:36:24.0616 6844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/09/15 17:36:24.0647 6844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/09/15 17:36:24.0741 6844 atksgt (fc0e8778c000291caf60eb88c011e931) C:\windows\system32\DRIVERS\atksgt.sys
2011/09/15 17:36:24.0835 6844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/09/15 17:36:24.0897 6844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/09/15 17:36:24.0959 6844 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/09/15 17:36:25.0006 6844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/09/15 17:36:25.0100 6844 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
2011/09/15 17:36:25.0147 6844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/09/15 17:36:25.0178 6844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/09/15 17:36:25.0240 6844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/09/15 17:36:25.0271 6844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/09/15 17:36:25.0303 6844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/09/15 17:36:25.0349 6844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/09/15 17:36:25.0412 6844 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
2011/09/15 17:36:25.0443 6844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/09/15 17:36:25.0474 6844 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
2011/09/15 17:36:25.0552 6844 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\windows\System32\Drivers\BTHport.sys
2011/09/15 17:36:25.0630 6844 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\windows\System32\Drivers\BTHUSB.sys
2011/09/15 17:36:25.0693 6844 BTMCOM (bb95f4f2c1ada589e97c8598e14e1c74) C:\windows\System32\Drivers\btmcom.sys
2011/09/15 17:36:25.0833 6844 BTMHID (a505e3d17b12113d947a85baa3070691) C:\windows\system32\DRIVERS\btmhid.sys
2011/09/15 17:36:25.0880 6844 BTMUSB (09b5a74916fa3417186c8f494ae6c9fe) C:\windows\system32\Drivers\btmusb.sys
2011/09/15 17:36:25.0927 6844 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/09/15 17:36:26.0005 6844 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/09/15 17:36:26.0051 6844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/09/15 17:36:26.0098 6844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/09/15 17:36:26.0207 6844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/09/15 17:36:26.0254 6844 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/09/15 17:36:26.0301 6844 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/09/15 17:36:26.0348 6844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/09/15 17:36:26.0379 6844 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/09/15 17:36:26.0426 6844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/09/15 17:36:26.0504 6844 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
2011/09/15 17:36:26.0566 6844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/09/15 17:36:26.0597 6844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/09/15 17:36:26.0691 6844 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/09/15 17:36:26.0738 6844 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\windows\system32\DRIVERS\dtsoftbus01.sys
2011/09/15 17:36:26.0816 6844 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
2011/09/15 17:36:26.0941 6844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/09/15 17:36:27.0097 6844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/09/15 17:36:27.0159 6844 enecir (a9ec08727c64d985678f5b64c03823f0) C:\windows\system32\DRIVERS\enecir.sys
2011/09/15 17:36:27.0206 6844 enecirhid (e17eb95358f396e27d573a1b20f891f8) C:\windows\system32\DRIVERS\enecirhid.sys
2011/09/15 17:36:27.0237 6844 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\windows\system32\DRIVERS\enecirhidma.sys
2011/09/15 17:36:27.0284 6844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/09/15 17:36:27.0346 6844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/09/15 17:36:27.0393 6844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/09/15 17:36:27.0440 6844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/09/15 17:36:27.0502 6844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/09/15 17:36:27.0533 6844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/09/15 17:36:27.0611 6844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/09/15 17:36:27.0643 6844 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/09/15 17:36:27.0705 6844 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/09/15 17:36:27.0783 6844 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
2011/09/15 17:36:27.0814 6844 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/09/15 17:36:27.0877 6844 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/09/15 17:36:27.0923 6844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/09/15 17:36:27.0986 6844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/09/15 17:36:28.0033 6844 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/09/15 17:36:28.0079 6844 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/09/15 17:36:28.0126 6844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/09/15 17:36:28.0204 6844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/09/15 17:36:28.0251 6844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/09/15 17:36:28.0298 6844 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/09/15 17:36:28.0360 6844 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/09/15 17:36:28.0438 6844 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\windows\system32\DRIVERS\HssDrv.sys
2011/09/15 17:36:28.0516 6844 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/09/15 17:36:28.0563 6844 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/09/15 17:36:28.0610 6844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/09/15 17:36:28.0672 6844 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\windows\system32\DRIVERS\iaStor.sys
2011/09/15 17:36:28.0750 6844 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
2011/09/15 17:36:28.0828 6844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/09/15 17:36:28.0969 6844 IntcAzAudAddService (9297bc7fb61f58670ee176dd18f4dd92) C:\windows\system32\drivers\RTKVHD64.sys
2011/09/15 17:36:29.0062 6844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2011/09/15 17:36:29.0109 6844 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2011/09/15 17:36:29.0156 6844 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/09/15 17:36:29.0218 6844 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/09/15 17:36:29.0265 6844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2011/09/15 17:36:29.0312 6844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2011/09/15 17:36:29.0374 6844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2011/09/15 17:36:29.0421 6844 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2011/09/15 17:36:29.0452 6844 JMCR (02bd12c2ee52f0849a5d6f9a2fa67b4e) C:\windows\system32\DRIVERS\jmcr.sys
2011/09/15 17:36:29.0499 6844 johci (e662cb468a1cff3a57e120a212fadd57) C:\windows\system32\DRIVERS\johci.sys
2011/09/15 17:36:29.0530 6844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2011/09/15 17:36:29.0561 6844 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2011/09/15 17:36:29.0608 6844 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2011/09/15 17:36:29.0671 6844 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2011/09/15 17:36:29.0702 6844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2011/09/15 17:36:29.0811 6844 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\windows\system32\DRIVERS\lirsgt.sys
2011/09/15 17:36:29.0842 6844 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2011/09/15 17:36:29.0920 6844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/09/15 17:36:29.0951 6844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/09/15 17:36:30.0014 6844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/09/15 17:36:30.0061 6844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/09/15 17:36:30.0092 6844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2011/09/15 17:36:30.0185 6844 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\windows\system32\drivers\mbam.sys
2011/09/15 17:36:30.0232 6844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2011/09/15 17:36:30.0263 6844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2011/09/15 17:36:30.0341 6844 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2011/09/15 17:36:30.0357 6844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2011/09/15 17:36:30.0404 6844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2011/09/15 17:36:30.0435 6844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2011/09/15 17:36:30.0466 6844 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2011/09/15 17:36:30.0497 6844 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2011/09/15 17:36:30.0529 6844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2011/09/15 17:36:30.0575 6844 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2011/09/15 17:36:30.0638 6844 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/09/15 17:36:30.0700 6844 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/09/15 17:36:30.0747 6844 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/09/15 17:36:30.0778 6844 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2011/09/15 17:36:30.0809 6844 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2011/09/15 17:36:30.0872 6844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2011/09/15 17:36:30.0887 6844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2011/09/15 17:36:30.0934 6844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2011/09/15 17:36:31.0012 6844 MSI_DVD_010507 (b0142fb630770fd1e31983793cef5945) C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys
2011/09/15 17:36:31.0075 6844 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys
2011/09/15 17:36:31.0106 6844 MSI_VGASYS_010507 (541721064012dd044aeb1b74fbdbda14) C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys
2011/09/15 17:36:31.0153 6844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2011/09/15 17:36:31.0184 6844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2011/09/15 17:36:31.0231 6844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2011/09/15 17:36:31.0262 6844 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2011/09/15 17:36:31.0309 6844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2011/09/15 17:36:31.0355 6844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2011/09/15 17:36:31.0387 6844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2011/09/15 17:36:31.0418 6844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2011/09/15 17:36:31.0465 6844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2011/09/15 17:36:31.0527 6844 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2011/09/15 17:36:31.0589 6844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2011/09/15 17:36:31.0636 6844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2011/09/15 17:36:31.0683 6844 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
2011/09/15 17:36:31.0714 6844 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/09/15 17:36:31.0761 6844 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2011/09/15 17:36:31.0792 6844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2011/09/15 17:36:31.0823 6844 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2011/09/15 17:36:31.0933 6844 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\windows\system32\DRIVERS\netr7364.sys
2011/09/15 17:36:32.0151 6844 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\windows\system32\DRIVERS\NETw5s64.sys
2011/09/15 17:36:32.0369 6844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2011/09/15 17:36:32.0416 6844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2011/09/15 17:36:32.0463 6844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2011/09/15 17:36:32.0541 6844 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
2011/09/15 17:36:32.0619 6844 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2011/09/15 17:36:32.0681 6844 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
2011/09/15 17:36:32.0728 6844 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
2011/09/15 17:36:32.0775 6844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2011/09/15 17:36:32.0822 6844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2011/09/15 17:36:32.0884 6844 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2011/09/15 17:36:32.0915 6844 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2011/09/15 17:36:32.0962 6844 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2011/09/15 17:36:32.0993 6844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2011/09/15 17:36:33.0040 6844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2011/09/15 17:36:33.0087 6844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2011/09/15 17:36:33.0118 6844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2011/09/15 17:36:33.0305 6844 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2011/09/15 17:36:33.0352 6844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2011/09/15 17:36:33.0415 6844 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2011/09/15 17:36:33.0508 6844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2011/09/15 17:36:33.0602 6844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2011/09/15 17:36:33.0649 6844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2011/09/15 17:36:33.0695 6844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2011/09/15 17:36:33.0758 6844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/09/15 17:36:33.0789 6844 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/09/15 17:36:33.0851 6844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2011/09/15 17:36:33.0883 6844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2011/09/15 17:36:33.0914 6844 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2011/09/15 17:36:33.0961 6844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2011/09/15 17:36:34.0023 6844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/09/15 17:36:34.0070 6844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2011/09/15 17:36:34.0101 6844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2011/09/15 17:36:34.0163 6844 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2011/09/15 17:36:34.0195 6844 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2011/09/15 17:36:34.0257 6844 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
2011/09/15 17:36:34.0335 6844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2011/09/15 17:36:34.0382 6844 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\windows\system32\drivers\RtHDMIVX.sys
2011/09/15 17:36:34.0444 6844 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
2011/09/15 17:36:34.0522 6844 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
2011/09/15 17:36:34.0647 6844 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\windows\system32\drivers\SCDEmu.sys
2011/09/15 17:36:34.0694 6844 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2011/09/15 17:36:34.0756 6844 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
2011/09/15 17:36:34.0819 6844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2011/09/15 17:36:34.0881 6844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2011/09/15 17:36:34.0928 6844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2011/09/15 17:36:34.0975 6844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2011/09/15 17:36:35.0053 6844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
2011/09/15 17:36:35.0084 6844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/09/15 17:36:35.0115 6844 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/09/15 17:36:35.0162 6844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2011/09/15 17:36:35.0224 6844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/09/15 17:36:35.0255 6844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2011/09/15 17:36:35.0302 6844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2011/09/15 17:36:35.0365 6844 smserial (aa59ba9348ebdeb455027c455538a08e) C:\windows\system32\DRIVERS\smserial.sys
2011/09/15 17:36:35.0489 6844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2011/09/15 17:36:35.0567 6844 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
2011/09/15 17:36:35.0614 6844 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
2011/09/15 17:36:35.0661 6844 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
2011/09/15 17:36:35.0739 6844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2011/09/15 17:36:35.0786 6844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2011/09/15 17:36:35.0926 6844 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
2011/09/15 17:36:36.0082 6844 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
2011/09/15 17:36:36.0160 6844 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2011/09/15 17:36:36.0207 6844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2011/09/15 17:36:36.0238 6844 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2011/09/15 17:36:36.0285 6844 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2011/09/15 17:36:36.0316 6844 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2011/09/15 17:36:36.0394 6844 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/09/15 17:36:36.0441 6844 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2011/09/15 17:36:36.0472 6844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2011/09/15 17:36:36.0519 6844 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
2011/09/15 17:36:36.0581 6844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/09/15 17:36:36.0613 6844 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2011/09/15 17:36:36.0659 6844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2011/09/15 17:36:36.0737 6844 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
2011/09/15 17:36:36.0800 6844 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
2011/09/15 17:36:36.0847 6844 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
2011/09/15 17:36:36.0893 6844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2011/09/15 17:36:36.0925 6844 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\drivers\usbehci.sys
2011/09/15 17:36:36.0971 6844 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
2011/09/15 17:36:37.0034 6844 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\drivers\usbohci.sys
2011/09/15 17:36:37.0065 6844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2011/09/15 17:36:37.0112 6844 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/09/15 17:36:37.0143 6844 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
2011/09/15 17:36:37.0190 6844 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
2011/09/15 17:36:37.0252 6844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/09/15 17:36:37.0299 6844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2011/09/15 17:36:37.0346 6844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2011/09/15 17:36:37.0377 6844 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2011/09/15 17:36:37.0424 6844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2011/09/15 17:36:37.0455 6844 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2011/09/15 17:36:37.0502 6844 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2011/09/15 17:36:37.0549 6844 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2011/09/15 17:36:37.0595 6844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2011/09/15 17:36:37.0642 6844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2011/09/15 17:36:37.0673 6844 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2011/09/15 17:36:37.0736 6844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2011/09/15 17:36:37.0783 6844 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/09/15 17:36:37.0814 6844 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2011/09/15 17:36:37.0892 6844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2011/09/15 17:36:37.0939 6844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2011/09/15 17:36:38.0063 6844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2011/09/15 17:36:38.0095 6844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2011/09/15 17:36:38.0219 6844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/09/15 17:36:38.0282 6844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2011/09/15 17:36:38.0360 6844 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2011/09/15 17:36:38.0391 6844 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/09/15 17:36:38.0485 6844 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\windows\system32\DRIVERS\xusb21.sys
2011/09/15 17:36:38.0563 6844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/15 17:36:38.0609 6844 Boot (0x1200) (40cff08d87c2b568983bbbe1df15f2ef) \Device\Harddisk0\DR0\Partition0
2011/09/15 17:36:38.0641 6844 Boot (0x1200) (bb7677cde1b3f49e7684cec4a4eb8862) \Device\Harddisk0\DR0\Partition1
2011/09/15 17:36:38.0656 6844 ================================================================================
2011/09/15 17:36:38.0656 6844 Scan finished
2011/09/15 17:36:38.0656 6844 ================================================================================
2011/09/15 17:36:38.0672 6344 Detected object count: 0
2011/09/15 17:36:38.0672 6344 Actual detected object count: 0

Alt 15.09.2011, 19:24   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.09.2011, 11:54   #14
Chronisch
 
Search Redirect Virus - Standard

Search Redirect Virus



Die Logs von Combofix:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-09-16.01 - WiNas 17.09.2011   2:00.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4078.2618 [GMT 2:00]
ausgeführt von:: c:\users\WiNas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Plugin Manager\SkypePM.exe
c:\users\Public\Documents\22.wma
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-17 bis 2011-09-17  ))))))))))))))))))))))))))))))
.
.
2011-09-17 00:11 . 2011-09-17 00:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-14 15:31 . 2011-09-14 15:31	--------	d-----w-	C:\_OTL
2011-09-13 09:29 . 2011-09-13 09:29	--------	d-----w-	c:\users\WiNas\AppData\Local\Google
2011-09-12 14:00 . 2011-09-12 14:00	--------	d-----w-	c:\program files (x86)\ESET
2011-09-10 08:34 . 2011-09-10 08:34	--------	d-----w-	C:\OUT_MEDIA_FILES
2011-09-10 08:33 . 2011-09-10 08:34	--------	d-----w-	c:\program files (x86)\Alt MP3 Bitrate Converter
2011-09-10 08:18 . 2011-09-10 08:19	--------	d-----w-	C:\fifa
2011-09-10 08:14 . 2011-09-10 08:16	--------	d-----w-	c:\users\WiNas\AppData\Local\fifafs_for_windows
2011-09-10 05:36 . 2011-09-10 05:36	--------	d-----w-	c:\users\WiNas\AppData\Roaming\Malwarebytes
2011-09-10 05:35 . 2011-09-10 05:35	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-10 05:35 . 2011-07-06 17:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-10 05:35 . 2011-07-06 17:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-10 05:35 . 2011-09-10 05:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-08 18:03 . 2011-09-13 15:58	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2011-09-08 07:07 . 2011-09-08 07:07	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2011-08-24 04:34 . 2011-07-09 05:14	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-24 04:34 . 2011-07-09 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-23 05:41 . 2011-08-12 04:10	8862544	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{03D28C7F-8BDF-464F-B1DF-AE0D9442E85B}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-08 07:11 . 2011-07-10 19:43	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-26 21:16 . 2011-02-07 12:41	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2011-07-26 21:16 . 2011-02-07 12:41	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2011-07-26 21:16 . 2011-02-07 12:41	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2011-07-26 21:16 . 2011-02-07 12:41	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2011-07-22 16:56 . 2011-07-22 16:56	5636	----a-w-	c:\windows\SysWow64\ealregsnapshot1.reg
2011-07-22 05:35 . 2011-08-10 23:10	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 23:10	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-10 23:09	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 23:09	243200	----a-w-	c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 23:09	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 23:09	214528	----a-w-	c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 23:09	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 23:09	422400	----a-w-	c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 23:09	338432	----a-w-	c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 23:09	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 23:09	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 23:09	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 23:09	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 23:09	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 23:09	272384	----a-w-	c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 23:09	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 23:09	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 23:09	2048	----a-w-	c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 23:09	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 23:09	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 23:09	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 23:09	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44 . 2011-08-10 23:09	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 05:29 . 2011-08-10 23:06	5507968	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-23 04:38 . 2011-08-10 23:06	3957120	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38 . 2011-08-10 23:06	3902336	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27 . 2011-08-10 23:08	1896832	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-21 06:20 . 2011-08-10 23:10	1197056	----a-w-	c:\windows\system32\wininet.dll
2011-06-21 06:20 . 2011-08-10 23:10	57856	----a-w-	c:\windows\system32\licmgr10.dll
2011-06-21 05:36 . 2011-08-10 23:10	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-06-21 05:35 . 2011-08-10 23:10	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-06-21 05:05 . 2011-08-10 23:10	482816	----a-w-	c:\windows\system32\html.iec
2011-06-21 04:26 . 2011-08-10 23:10	386048	----a-w-	c:\windows\SysWow64\html.iec
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-16 1242448]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"DietPower 4.4 Update Setup for All Users"="c:\programdata\{7689A553-874D-4F62-ABC0-C6643D2F1962}\DietPowerSetup.exe" [2009-04-23 2397768]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"SecureW2 Tray"="c:\program files (x86)\SecureW2\sw2_tray.exe" [2010-11-05 279944]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2011-8-13 413696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys [x]
R3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]
R3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS64_100507.sys [2010-05-10 28984]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]
R3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS64_100507.sys [2010-05-10 14960]
R3 netr7364;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-09-05 48216]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-12-21 637192]
S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [2011-08-24 2219664]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-04-14 328952]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2010-11-05 118152]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-02-20 85800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-01-25 4154120]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-01-26 1029896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-09 1028096]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74509044
*Deregistered* - 74509044
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4086237714-932796241-2580729142-1000Core.job
- c:\users\WiNas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 09:29]
.
2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4086237714-932796241-2580729142-1000UA.job
- c:\users\WiNas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 09:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-04-14 23:19	286456	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-02-13 20433160]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2010-01-12 1702400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
FF - ProfilePath - c:\users\WiNas\AppData\Roaming\Mozilla\Firefox\Profiles\rkqgl2a9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_DE Community Toolbar: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - %profile%\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\WiNas\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-DietPower 4.4 Update Setup - c:\users\WiNas\AppData\Local\{7689A553-874D-4F62-ABC0-C6643D2F1962}\DietPowerSetup.exe
AddRemove-BattlEye - c:\spiele\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-HotspotShield - c:\program files (x86)\Hotspot Shield\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{B5E0195A-A38A-46B2-A770-9F2362834E2B} - c:\spiele\Thief - Deadly Shadows\Uninst.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\WiNas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4086237714-932796241-2580729142-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4086237714-932796241-2580729142-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4086237714-932796241-2580729142-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a3,74,e9,82,52,94,07,57,a9,e0,27,d9,83,29,69,af,49,73,25,a5,bb,a5,1a,
   7d,31,b0,2c,91,5c,ee,15,94,85,b6,b3,92,bf,6b,62,bc,86,66,f7,a7,59,a9,4b,b7,\
"??"=hex:28,a7,60,03,63,5e,4c,54,71,69,c6,55,68,dd,a2,56
.
[HKEY_USERS\S-1-5-21-4086237714-932796241-2580729142-1000\Software\SecuROM\License information*]
"datasecu"=hex:cc,60,ae,f4,6d,a5,04,01,32,12,cd,6b,32,51,84,a0,95,3c,22,a8,41,
   8f,5b,91,70,af,b8,f6,bf,3a,71,2c,65,5d,ea,0d,b5,b0,a5,40,6f,38,1f,8b,91,85,\
"rkeysecu"=hex:38,e1,19,cb,d3,d1,40,ac,73,6f,36,a1,52,d4,38,40
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-09-17  02:16:15
ComboFix-quarantined-files.txt  2011-09-17 00:16
.
Vor Suchlauf: 19 Verzeichnis(se), 40.238.997.504 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 40.832.647.168 Bytes frei
.
- - End Of File - - 45449EE61790A183421E3D508771C6FA
         
--- --- ---

Alt 17.09.2011, 13:37   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search Redirect Virus - Standard

Search Redirect Virus



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Search Redirect Virus
.html, beste, blockieren, einfach, erreiche, folge, folgendes, google, hosts, konnte, kriege, langer, leere, nutzbar, praktisch, redirect, redirect google search, redirect-virus, scans, schlimmer, search, thema, virus



Ähnliche Themen: Search Redirect Virus


  1. Search.yahoo.com redirect entfernen
    Anleitungen, FAQs & Links - 14.11.2015 (2)
  2. Search.mysportsxp.com redirect entfernen
    Anleitungen, FAQs & Links - 13.11.2015 (2)
  3. Search.youremailcenter.com redirect entfernen
    Anleitungen, FAQs & Links - 13.11.2015 (2)
  4. Search.wowmusix.com redirect entfernen
    Anleitungen, FAQs & Links - 12.11.2015 (2)
  5. Filmate-search.com redirect entfernen
    Anleitungen, FAQs & Links - 12.11.2015 (2)
  6. Search.softorama.com redirect entfernen
    Anleitungen, FAQs & Links - 12.11.2015 (2)
  7. Search.yourmapsnow.com redirect entfernen
    Anleitungen, FAQs & Links - 12.11.2015 (2)
  8. Search.golliver.com redirect entfernen
    Anleitungen, FAQs & Links - 09.11.2015 (2)
  9. Search.findeer.com redirect entfernen
    Anleitungen, FAQs & Links - 09.11.2015 (2)
  10. Search.findwide.com redirect entfernen
    Anleitungen, FAQs & Links - 06.11.2015 (2)
  11. Secury-search.com redirect entfernen
    Anleitungen, FAQs & Links - 01.11.2015 (2)
  12. Broadband-Search.com redirect entfernen
    Anleitungen, FAQs & Links - 30.10.2015 (2)
  13. Search Pile redirect entfernen
    Anleitungen, FAQs & Links - 17.08.2015 (2)
  14. My online search virus - redirect auf Bing.com
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (11)
  15. Delta Search Redirect, letzte Monate mit alter Java Version gesurft
    Log-Analyse und Auswertung - 31.07.2013 (7)
  16. Yahoo Search Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 22.05.2011 (8)
  17. search-gala.com redirect
    Plagegeister aller Art und deren Bekämpfung - 19.04.2010 (1)

Zum Thema Search Redirect Virus - Hallo, Ich leide seit langer Zeit an das Redirect-Virus und irgendwie ist es in letzter Zeit schlimmer geworden so das Google praktisch unnutzbar ist. Das beste, was ich erreichen konnte, - Search Redirect Virus...
Archiv
Du betrachtest: Search Redirect Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.