Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.12.2011, 15:43   #1
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo,
ich habe versucht alle Logfiles zu erstellen und hoffe es ist richtig so.
Zu meinem Problem: Seit ca. 4 Tagen konnte Antivir nicht mehr auto-updaten. Außerdem bin ich bei Google öfter auf komische Seiten (Search, Werbeseiten) umgeleitet worden. Firefox brauchte auch beim Starten sehr lange und hatte meist eine Weile keine Rückmeldung.
Meine eigenen Schritte:
Zunächst habe ich versucht Antivir mit einem aktuellen Download per Überinstallation zu reparieren und immer wieder versucht zu aktualisieren. Zwischendurch hat das auch einmal geklappt. Nun geht es wieder nicht mehr. Ich habe bei einem Vollscan mehrere Schädlinge gefunden und in die Quarantäne packen lassen. (Log hängt an, sieht allerdings komisch aus weil ausversehen der Scanner doppelt lief und daher die Dateien schon vom ersten weggepakt wurden- der Log ist aber vom zweiten - sorry) Sind aber die selben Warnmeldungen.
Nun findet Antivir nichts mehr und eine Antivir Boot-CD eines Kollegen (ca. 14 Tage alt) hat auch nichts mehr gefunden. Ich konnte aber die Boot-CD nicht updaten lassen.
Andere Probleme als das weiterleiten bei Suchmaschienen und das Updaten habe ich nicht. Windowsupdates liefen OK. Wir haben eine Fritzbox und ich hoffe das der Schädling noch nichts nach aussen senden konnte... Wäre toll wenn Ihr mir weiter helfen könntet - Komplett neu aufsetzten wäre der GAU...
Und ja, ich weiß ich hab viel komischen Kram auf dem Computer
Danke schon einmal!

Hier die LOG von OTL, die anderen im Anhang.

OTL logfile created on: 03.12.2011 14:21:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steffi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1021,38 Mb Total Physical Memory | 363,01 Mb Available Physical Memory | 35,54% Memory free
2,25 Gb Paging File | 1,22 Gb Available in Paging File | 54,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 12,26 Gb Free Space | 17,20% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 40,84 Gb Free Space | 57,58% Space Free | Partition Type: NTFS

Computer Name: GRISU | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
PRC - [2011.12.03 13:27:39 | 000,173,056 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\2839F\EE168.exe
PRC - [2011.12.02 10:05:02 | 000,189,952 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe
PRC - [2011.12.01 17:01:34 | 000,286,208 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\D512\551.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
PRC - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.14 15:45:22 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Steffi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2006.12.08 13:35:24 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.11.30 16:48:26 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.23 15:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006.11.20 20:04:18 | 000,720,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006.11.17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2006.11.12 11:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.03 13:27:39 | 000,173,056 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\2839F\EE168.exe
MOD - [2011.12.02 10:05:02 | 000,189,952 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe
MOD - [2011.12.01 17:01:34 | 000,286,208 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\D512\551.exe
MOD - [2011.12.01 10:42:08 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.12.01 10:40:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011.12.01 10:40:02 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.12.01 10:39:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.12.01 10:39:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.12.01 10:37:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.12.01 10:37:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.12.01 10:37:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.12.01 10:36:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.12.01 10:35:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.11.30 20:56:32 | 000,696,320 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2006.11.30 20:56:32 | 000,036,864 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2006.11.23 18:14:32 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2006.11.23 15:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2006.11.23 15:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2006.11.20 20:04:16 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2006.11.16 15:34:54 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2006.11.16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll
MOD - [2006.11.16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006.11.16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006.11.12 23:13:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2006.11.12 23:13:14 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2006.11.12 23:13:00 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2006.11.12 23:12:58 | 000,126,976 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2006.11.12 23:12:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2006.11.12 23:12:46 | 000,540,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2006.09.04 09:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2006.08.08 10:11:06 | 000,073,216 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\Wlan.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.12.01 20:48:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)


========== Driver Services (SafeList) ==========

DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.07.20 13:44:58 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.08 09:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.04.10 09:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.12.20 20:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.01.13 13:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56040
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.26 19:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 14:15:41 | 000,000,000 | ---D | M]

[2008.12.21 12:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions
[2011.11.18 20:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions
[2010.07.13 06:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.02 18:18:22 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.11.26 19:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\STEFFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV44LJHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.26 19:07:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 12:08:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.27 12:08:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.27 12:08:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.27 12:08:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 12:08:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.27 12:08:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [4C8.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\8932\4C8.exe ()
O4 - HKCU..\Run: [551.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\D512\551.exe ()
O4 - HKCU..\Run: [579.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\5112\579.exe ()
O4 - HKCU..\Run: [8DE.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\ABB2\8DE.exe ()
O4 - HKCU..\Run: [B1A.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\BA12\B1A.exe ()
O4 - HKCU..\Run: [E15.exe] C:\Users\Steffi\AppData\Roaming\Microsoft\3EC2\E15.exe ()
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [捁牥吠畯r] File not found
F3 - HKCU WinNT: Load - (C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe) -C:\Users\Steffi\AppData\Roaming\9F2CC\lvvm.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx (AcDcToday-Steuerung)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx (AcPreview-Steuerung)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{599E380C-9F2F-41D6-914C-38FBA143A0A4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Steffi\AppData\Roaming\2839F\B81AB.exe) -C:\Users\Steffi\AppData\Roaming\2839F\B81AB.exe ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {76E7A40E-A6D8-0D3A-A2C5-04CBB4C2F830} - Themes Setup
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= - File not found
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.03 13:50:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
[2011.12.02 23:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.01 09:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.24 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.24 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2011.11.24 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.11.23 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Unity
[2011.11.20 16:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ovis
[2011.11.20 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ovis
[2011.11.17 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.11.17 14:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.11.14 13:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.08 12:06:09 | 000,000,000 | --SD | C] -- C:\Users\Steffi\Documents\Eigene Datenquellen
[2011.11.06 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\dvdcss
[2007.04.14 15:55:35 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2006.12.05 03:31:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2011.12.03 14:15:15 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.03 14:15:15 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.03 14:15:15 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.03 14:15:15 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.03 14:13:43 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001
[2011.12.03 14:11:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.03 14:10:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 14:10:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 14:10:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.03 14:10:36 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.03 14:07:24 | 000,000,000 | ---- | M] () -- C:\Users\Steffi\defogger_reenable
[2011.12.03 14:04:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.03 13:58:31 | 000,302,592 | ---- | M] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe
[2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
[2011.12.03 13:49:19 | 000,050,477 | ---- | M] () -- C:\Users\Steffi\Desktop\Defogger.exe
[2011.12.03 13:31:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
[2011.12.02 23:26:37 | 001,666,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.02 17:19:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.12.01 09:59:44 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.11.30 19:23:36 | 000,044,032 | ---- | M] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 17:21:37 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat
[2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.11.20 16:28:01 | 000,000,973 | ---- | M] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk
[2011.11.17 14:13:03 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2011.11.04 15:39:13 | 000,004,096 | -H-- | M] () -- C:\Users\Steffi\AppData\Local\keyfile3.drm

========== Files Created - No Company Name ==========

[2011.12.03 14:07:24 | 000,000,000 | ---- | C] () -- C:\Users\Steffi\defogger_reenable
[2011.12.03 13:58:30 | 000,302,592 | ---- | C] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe
[2011.12.03 13:49:16 | 000,050,477 | ---- | C] () -- C:\Users\Steffi\Desktop\Defogger.exe
[2011.12.01 14:49:19 | 1071,767,552 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.01 09:59:44 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.11.24 18:12:12 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.11.20 16:28:01 | 000,000,973 | ---- | C] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk
[2011.11.17 14:13:03 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2010.07.20 13:44:58 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.07.19 17:45:10 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2010.07.13 14:59:07 | 000,004,096 | -H-- | C] () -- C:\Users\Steffi\AppData\Local\keyfile3.drm
[2010.07.02 10:59:39 | 000,000,983 | ---- | C] () -- C:\Users\Steffi\AppData\Local\upayuwaxohesewe.dll
[2010.04.30 23:27:19 | 000,000,680 | ---- | C] () -- C:\Users\Steffi\AppData\Local\d3d9caps.dat
[2009.11.18 08:51:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.11.17 14:01:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.17 14:01:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.02 12:04:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.03 12:27:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007.07.23 21:02:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.07 14:22:12 | 000,044,032 | ---- | C] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.15 15:14:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2007.04.15 14:49:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.04.14 16:42:31 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001
[2007.04.14 16:42:30 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat
[2007.04.14 15:55:35 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.04.14 15:54:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.04.14 15:54:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.04.14 15:54:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.04.14 15:47:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.DAT
[2007.04.14 15:43:22 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2006.12.24 14:28:29 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2006.12.05 12:27:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006.12.05 10:40:19 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.12.05 10:40:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.12.05 03:35:42 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006.12.05 03:31:50 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
[2006.12.05 03:31:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.12.05 03:24:47 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006.12.05 03:17:47 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2006.11.16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006.11.16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006.11.16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006.11.16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006.11.16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006.11.16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006.11.16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.11.16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 16:33:31 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,128,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,666,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.04.30 09:36:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe
[2000.09.19 00:50:28 | 000,202,752 | ---- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2011.12.03 14:11:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.12.02 10:05:02 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2010.07.19 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Autodesk
[2011.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FileZilla
[2010.05.01 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\GARMIN
[2011.03.15 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IcoFX
[2010.07.20 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nemetschek
[2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.12.03 14:09:33 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.03 13:31:01 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.02.03 16:59:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.04.14 15:42:47 | 000,000,000 | ---D | M] -- C:\Acer
[2009.08.02 22:01:55 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2006.12.05 10:38:59 | 000,000,000 | ---D | M] -- C:\Book
[2009.11.29 12:43:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.01 09:55:12 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.04.14 15:37:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2006.12.24 14:28:38 | 000,000,000 | ---D | M] -- C:\DRV
[2007.08.31 16:34:09 | 000,000,000 | ---D | M] -- C:\MyWorks
[2009.11.16 17:30:27 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.24 18:12:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.19 07:27:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.04.14 15:37:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.03 14:25:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.02 12:26:20 | 000,000,000 | ---D | M] -- C:\temp
[2009.02.03 16:59:18 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.01 11:39:51 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.22 10:06:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.22 10:06:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-01 09:26:46

========== Alternate Data Streams ==========

@Alternate Data Stream - 577 bytes -> C:\Users\Steffi\Documents\Herzlichen Glückwunsch.eml:OECustomProperty
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:BD4CC9FB
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:70B3C619

< End of report >
Angehängte Dateien
Dateityp: txt AVSCAN-20111201-184838-F44CE65B-2.txt (37,2 KB, 272x aufgerufen)

Alt 04.12.2011, 18:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 05.12.2011, 06:58   #3
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo Cosinus,

danke fürs kümmern :-)
Malwarebytes hats gepackt und über 30 Dinge gefunden - da kann ich Antivir ja fast in die Tonne kloppen? Jedenfalls scheint alles bereinigt, der zweite Scanner hat nix gefunden. Antivir ließ sich auch wieder updaten. Logs sind im Anhang bzw. unten am Text.
Zwei Dinge die ich manuell ändern mußte: Malwarebytes wurde nach dem Hochfahren vom Autostart abgehalten, ich mußte es manuell erlauben. Und beim Starten von Firefox jetzt zum Schluss wurde angezeigt das der eingestellte Proxy die Verbindung zurückweist. Ich habe das jetzt von der Einstellung Manuell Http 127.0.0.1 Port 56040 auf `Einstellungen des Systems verwenden´umgestellt und es ging. Hoffe das war OK und ich habe euren Programmen da nicht reingepfuscht... aber sonst wär ich nicht ins Netz gekommen.
Wenns das jetzt gewesen wäre wäre ja super - bin gespannt was die Logs sagen. Kann man Malwarebytes parallel zu Antivir laufen lassen als Sicherheit für die Zukunft?

Erleichterte Grüße, Grisu

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50d7e66b7a572848b5498984f7400200
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 11:24:55
# local_time=2011-12-05 12:24:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 4029674 4029674 0 0
# compatibility_mode=5892 16776638 66 100 884139 160568055 0 0
# compatibility_mode=8192 67108863 100 0 3988 3988 0 0
# scanned=198366
# found=0
# cleaned=0
# scan_time=5767
__________________
Angehängte Dateien
Dateityp: txt mbam-log-2011-12-04 (21-56-32).txt (5,6 KB, 166x aufgerufen)

Alt 05.12.2011, 08:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2011, 09:22   #5
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo,

Scan hat geklappt. Ich hoffe inständig das alles weg ist - mal sehen was der Fachmann sagt. Hier das LOGOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.12.2011 09:49:31 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Steffi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,38 Mb Total Physical Memory | 544,48 Mb Available Physical Memory | 53,31% Memory free
2,25 Gb Paging File | 1,19 Gb Available in Paging File | 52,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,28 Gb Total Space | 14,48 Gb Free Space | 20,31% Space Free | Partition Type: NTFS
Drive D: | 70,94 Gb Total Space | 40,84 Gb Free Space | 57,58% Space Free | Partition Type: NTFS
 
Computer Name: GRISU | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () -- C:\Programme\Join Air\AssistantServices.exe
PRC - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.14 15:45:22 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Steffi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2006.12.08 13:35:24 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.11.30 16:48:26 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.23 15:24:46 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2006.11.20 20:04:18 | 000,720,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2006.11.17 07:26:58 | 000,453,120 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2006.11.12 11:35:58 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.01 10:42:08 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.12.01 10:40:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011.12.01 10:40:02 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.12.01 10:39:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.12.01 10:39:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.12.01 10:37:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.12.01 10:37:34 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.12.01 10:37:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.12.01 10:36:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.12.01 10:35:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.03.27 21:11:04 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.08.31 09:43:14 | 000,132,608 | ---- | M] () -- C:\Programme\Join Air\UIExec.exe
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.11.30 20:56:32 | 000,696,320 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2006.11.30 20:56:32 | 000,036,864 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2006.11.23 18:14:32 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2006.11.23 15:24:42 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2006.11.23 15:24:26 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2006.11.20 20:04:16 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2006.11.16 15:34:54 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2006.11.16 12:20:46 | 000,172,032 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll
MOD - [2006.11.16 12:19:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\MSNChatHook.dll
MOD - [2006.11.16 12:18:50 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2006.11.12 23:13:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2006.11.12 23:13:14 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2006.11.12 23:13:00 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2006.11.12 23:12:58 | 000,126,976 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2006.11.12 23:12:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2006.11.12 23:12:46 | 000,540,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2006.09.04 09:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2006.08.08 10:11:06 | 000,073,216 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\Wlan.dll
MOD - [2003.06.07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.08.31 09:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.12.01 20:48:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.16 16:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 15:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006.12.01 09:34:16 | 000,131,072 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006.11.30 18:39:10 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.11.20 20:43:08 | 000,118,784 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006.11.16 15:35:18 | 000,045,056 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.11.12 23:13:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.07.20 13:44:58 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.22 15:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.02.02 17:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.02.02 17:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.08 09:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.04.10 09:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006.12.20 20:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005.01.13 13:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56040
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steffi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.26 19:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 14:15:41 | 000,000,000 | ---D | M]
 
[2008.12.21 12:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions
[2011.12.04 12:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions
[2010.07.13 06:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.02 18:18:22 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\iv44ljhc.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.11.26 19:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\STEFFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IV44LJHC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.26 19:07:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 12:08:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.27 12:08:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.27 12:08:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.27 12:08:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 12:08:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.27 12:08:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx (AcDcToday-Steuerung)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx (AcPreview-Steuerung)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{599E380C-9F2F-41D6-914C-38FBA143A0A4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {76E7A40E-A6D8-0D3A-A2C5-04CBB4C2F830} - Themes Setup
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 22:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.04 19:56:11 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Malwarebytes
[2011.12.04 19:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.04 19:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.04 19:54:57 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.04 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.04 19:53:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Steffi\Desktop\esetsmartinstaller_enu.exe
[2011.12.04 19:52:55 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Steffi\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.03 13:50:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
[2011.12.02 23:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.01 09:49:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.24 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.24 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2011.11.24 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.11.23 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Unity
[2011.11.20 16:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ovis
[2011.11.20 16:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ovis
[2011.11.17 17:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.11.17 14:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.11.14 13:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.08 12:06:09 | 000,000,000 | --SD | C] -- C:\Users\Steffi\Documents\Eigene Datenquellen
[2011.11.06 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\dvdcss
[2007.04.14 15:55:35 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2006.12.05 03:31:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.05 09:20:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.05 09:20:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.05 09:04:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.05 07:30:25 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001
[2011.12.05 07:29:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.05 07:24:43 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.05 07:24:43 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.05 07:24:43 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.05 07:24:43 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.05 07:20:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.05 07:20:12 | 1071,767,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 19:55:03 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 19:53:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Steffi\Desktop\esetsmartinstaller_enu.exe
[2011.12.04 19:53:03 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Steffi\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.04 19:24:08 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
[2011.12.03 19:16:52 | 000,049,528 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat
[2011.12.03 16:12:59 | 000,008,708 | ---- | M] () -- C:\Users\Steffi\Desktop\Extrasundgmer.zip
[2011.12.03 14:07:24 | 000,000,000 | ---- | M] () -- C:\Users\Steffi\defogger_reenable
[2011.12.03 13:58:31 | 000,302,592 | ---- | M] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe
[2011.12.03 13:50:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
[2011.12.03 13:49:19 | 000,050,477 | ---- | M] () -- C:\Users\Steffi\Desktop\Defogger.exe
[2011.12.02 23:26:37 | 001,666,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.02 17:19:36 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.12.01 09:59:44 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.11.30 19:23:36 | 000,044,032 | ---- | M] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.11.20 16:28:01 | 000,000,973 | ---- | M] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk
[2011.11.17 14:13:03 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.04 19:55:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.03 16:12:59 | 000,008,708 | ---- | C] () -- C:\Users\Steffi\Desktop\Extrasundgmer.zip
[2011.12.03 14:07:24 | 000,000,000 | ---- | C] () -- C:\Users\Steffi\defogger_reenable
[2011.12.03 13:58:30 | 000,302,592 | ---- | C] () -- C:\Users\Steffi\Desktop\bv6lfwgn.exe
[2011.12.03 13:49:16 | 000,050,477 | ---- | C] () -- C:\Users\Steffi\Desktop\Defogger.exe
[2011.12.01 14:49:19 | 1071,767,552 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.01 09:59:44 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.11.24 18:12:12 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.11.20 16:28:01 | 000,000,973 | ---- | C] () -- C:\Users\Steffi\Desktop\pdf-Recover.lnk
[2011.11.17 14:13:03 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2010.07.20 13:44:58 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010.07.19 17:45:10 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2010.07.13 14:59:07 | 000,004,096 | -H-- | C] () -- C:\Users\Steffi\AppData\Local\keyfile3.drm
[2010.07.02 10:59:39 | 000,000,983 | ---- | C] () -- C:\Users\Steffi\AppData\Local\upayuwaxohesewe.dll
[2010.04.30 23:27:19 | 000,000,680 | ---- | C] () -- C:\Users\Steffi\AppData\Local\d3d9caps.dat
[2009.11.18 08:51:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.11.17 14:01:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.17 14:01:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.02 12:04:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.03 12:27:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007.07.23 21:02:49 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.07 14:22:12 | 000,044,032 | ---- | C] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.15 15:14:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2007.04.15 14:49:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.04.14 16:42:31 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001
[2007.04.14 16:42:30 | 000,049,528 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat
[2007.04.14 15:55:35 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.04.14 15:54:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.04.14 15:54:55 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.04.14 15:54:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.04.14 15:47:25 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.DAT
[2007.04.14 15:43:22 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2006.12.24 14:28:29 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2006.12.05 12:27:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006.12.05 10:40:19 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.12.05 10:40:08 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.12.05 03:35:42 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006.12.05 03:31:50 | 000,319,488 | ---- | C] () -- C:\Windows\System32\SysMonitor.exe
[2006.12.05 03:31:48 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006.12.05 03:24:47 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006.12.05 03:17:47 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2006.11.16 12:20:38 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2006.11.16 12:20:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2006.11.16 12:20:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2006.11.16 12:19:10 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2006.11.16 12:19:04 | 000,123,904 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2006.11.16 12:18:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006.11.16 12:18:50 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.11.16 12:18:06 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 04:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 16:33:31 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,128,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,666,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.04.30 09:36:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mtstack.exe
[2000.09.19 00:50:28 | 000,202,752 | ---- | C] () -- C:\Windows\System32\zlib.dll
 
========== LOP Check ==========
 
[2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2010.07.19 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Autodesk
[2011.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FileZilla
[2010.05.01 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\GARMIN
[2011.03.15 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IcoFX
[2010.07.20 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nemetschek
[2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.12.05 00:54:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.04 19:24:08 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.12.04 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2011.11.13 16:35:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Adobe
[2008.12.11 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\AdobeAUM
[2007.04.16 21:13:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\AdobeUM
[2010.07.19 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Autodesk
[2011.10.19 07:28:57 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Avira
[2007.08.31 16:32:35 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\CyberLink
[2011.11.06 11:39:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\dvdcss
[2011.05.09 19:59:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FileZilla
[2010.05.01 00:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\GARMIN
[2011.02.22 13:22:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Google
[2011.03.15 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IcoFX
[2007.04.14 15:43:51 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Identities
[2009.08.02 09:49:18 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Intel
[2007.04.14 15:43:27 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Macromedia
[2011.12.04 19:56:11 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Media Center Programs
[2011.12.04 19:21:38 | 000,000,000 | --SD | M] -- C:\Users\Steffi\AppData\Roaming\Microsoft
[2008.12.21 12:16:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Mozilla
[2010.07.20 14:29:06 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nemetschek
[2011.09.09 11:20:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Skype
[2010.11.30 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\skypePM
[2011.05.08 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\U3
[2011.08.23 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2008.05.04 15:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\U3\057330140BD2F734\LaunchPad.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Steffi\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.04.03 15:25:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.04.03 15:25:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.04.03 15:25:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.04.14 15:44:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.04.14 15:44:44 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 577 bytes -> C:\Users\Steffi\Documents\Herzlichen Glückwunsch.eml:OECustomProperty
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:BD4CC9FB
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:70B3C619

< End of report >
         
--- --- ---


Danke fürs schnelle reagieren!!

Grüße, Stephanie


Alt 05.12.2011, 13:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56040
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKCU..\Run: [????r]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.12.05 03:24:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell - "" = AutoRun
O33 - MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
MsConfig - StartUpReg: ????????? - hkey= - key= -  File not found
[2011.11.24 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.24 17:14:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\9F2CC
[2011.11.24 17:13:52 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\2839F
[2011.11.24 18:13:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:88E3B9B6
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:BD4CC9FB
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:70B3C619
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet

Alt 05.12.2011, 14:17   #7
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo Arne,

ich habe es gemäß deiner Anleitung gemacht, beim ersten Mal lief alles durch, dann waren nur noch die beiden Einträge am Ende in den eckigen Klammern in diesem Fenster übrig, alle Sachen vom Desktop weg und er ist anscheinend stecken geblieben- hat nach einer Weile gesagt wegen unbekanntem Fehler gehts nicht mehr - hab per Austaste nen Warmstart gemacht und das ganze wiederholt. Ging diesmal ganz schnell und nach dem Autoneustart kam das Log- Fenster, hier der Text.

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Bing" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.google.de" removed from browser.startup.homepage
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56040 removed from network.proxy.http_port
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ not found.
File C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\????r not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265da-89ca-11de-8f48-0016d46869d2}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0265f9-89ca-11de-8f48-0016d46869d2}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114c8-a91b-11de-9021-0016d46869d2}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a114ca-a91b-11de-9021-0016d46869d2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068047-9898-11de-a14d-0016d46869d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068047-9898-11de-a14d-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068047-9898-11de-a14d-0016d46869d2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068049-9898-11de-a14d-0016d46869d2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b068049-9898-11de-a14d-0016d46869d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b068049-9898-11de-a14d-0016d46869d2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe3e9f66-9d70-11de-ad97-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\?????????\ not found.
Folder C:\Program Files\LP\ not found.
Folder C:\Users\Steffi\AppData\Roaming\9F2CC\ not found.
Folder C:\Users\Steffi\AppData\Roaming\2839F\ not found.
File C:\Windows\tasks\At1.job not found.
Unable to delete ADS C:\ProgramData\TEMP:88E3B9B6 .
Unable to delete ADS C:\ProgramData\TEMP:BD4CC9FB .
Unable to delete ADS C:\ProgramData\TEMP:70B3C619 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Holger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Steffi
->Temp folder emptied: 241587 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6185485 bytes
->Flash cache emptied: 337845 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 274607775 bytes
RecycleBin emptied: 5288706014 bytes

Total Files Cleaned = 5.312,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12052011_150000

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Dazu ne Frage, ich versteh ja nix davon, hab nur gesehn das PDF-creator gefixt wurde ? Ist das Programm schlecht? Ich benutze es sehr gerne weil es kostenlos ist und aus allen Programmen pdfs druckt...is freeware, glaube ich von Chip runter geladen..

Ansonsten schon mal tausend Dank fürs Fix schreiben. Sobald ich das go kriege das alles oK ist trau ich mich wieder in Paypal und geh bei Euch spenden! (Nach den neuen Passworten, die wahrscheinlich ja fällig sind) Aber ich wart erst mal auf deine Anweisungen.

Danke!!

Stephanie

Alt 05.12.2011, 14:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2011, 15:05   #9
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo,

jetzt das ganze noch mal richtig. Ich versuch mal das alte Log gegen das neue zu tauschen, hoffe das geht mit dem Editierdings.
Icons oder Dateien/Zugriffmöglichkeiten fehlen meines Erachtens nicht, ich benutze die User-Ordner aber auch fast nie, hab meine eigene Struktur. Komme in die Dokumente, Eigene Bilder etc. Ordner unter User Steffi ohne Meckern rein, die meinst Du doch?

Hier der zweite LOG mit allem angehakt:

15:58:43.0870 4820 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:58:43.0893 4820 ============================================================
15:58:43.0893 4820 Current date / time: 2011/12/05 15:58:43.0893
15:58:43.0893 4820 SystemInfo:
15:58:43.0893 4820
15:58:43.0893 4820 OS Version: 6.0.6002 ServicePack: 2.0
15:58:43.0893 4820 Product type: Workstation
15:58:43.0893 4820 ComputerName: GRISU
15:58:43.0894 4820 UserName: Steffi
15:58:43.0894 4820 Windows directory: C:\Windows
15:58:43.0894 4820 System windows directory: C:\Windows
15:58:43.0894 4820 Processor architecture: Intel x86
15:58:43.0894 4820 Number of processors: 2
15:58:43.0894 4820 Page size: 0x1000
15:58:43.0894 4820 Boot type: Normal boot
15:58:43.0894 4820 ============================================================
15:58:46.0627 4820 Initialize success
15:58:53.0396 3008 ============================================================
15:58:53.0396 3008 Scan started
15:58:53.0396 3008 Mode: Manual;
15:58:53.0396 3008 ============================================================
15:58:56.0506 3008 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:58:56.0525 3008 ACPI - ok
15:58:57.0073 3008 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:58:57.0092 3008 adp94xx - ok
15:58:57.0127 3008 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:58:57.0134 3008 adpahci - ok
15:58:57.0164 3008 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:58:57.0172 3008 adpu160m - ok
15:58:57.0196 3008 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:58:57.0201 3008 adpu320 - ok
15:58:57.0298 3008 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:58:57.0310 3008 AFD - ok
15:58:57.0341 3008 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:58:57.0343 3008 agp440 - ok
15:58:57.0371 3008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:58:57.0374 3008 aic78xx - ok
15:58:57.0405 3008 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:58:57.0419 3008 aliide - ok
15:58:57.0456 3008 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:58:57.0458 3008 amdagp - ok
15:58:57.0483 3008 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:58:57.0484 3008 amdide - ok
15:58:57.0511 3008 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:58:57.0513 3008 AmdK7 - ok
15:58:57.0535 3008 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:58:57.0537 3008 AmdK8 - ok
15:58:57.0601 3008 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:58:57.0603 3008 arc - ok
15:58:57.0639 3008 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:58:57.0642 3008 arcsas - ok
15:58:57.0703 3008 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:58:57.0705 3008 AsyncMac - ok
15:58:57.0762 3008 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:58:57.0763 3008 atapi - ok
15:58:57.0837 3008 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
15:58:57.0840 3008 avgntflt - ok
15:58:57.0878 3008 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
15:58:57.0882 3008 avipbb - ok
15:58:57.0899 3008 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
15:58:57.0902 3008 avkmgr - ok
15:58:57.0956 3008 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:58:57.0961 3008 b57nd60x - ok
15:58:58.0019 3008 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
15:58:58.0021 3008 bcm4sbxp - ok
15:58:58.0066 3008 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:58:58.0068 3008 Beep - ok
15:58:58.0096 3008 blbdrive - ok
15:58:58.0173 3008 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:58:58.0182 3008 bowser - ok
15:58:58.0227 3008 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:58:58.0229 3008 BrFiltLo - ok
15:58:58.0252 3008 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:58:58.0254 3008 BrFiltUp - ok
15:58:58.0286 3008 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:58:58.0289 3008 Brserid - ok
15:58:58.0308 3008 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:58:58.0310 3008 BrSerWdm - ok
15:58:58.0350 3008 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:58:58.0353 3008 BrUsbMdm - ok
15:58:58.0373 3008 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:58:58.0375 3008 BrUsbSer - ok
15:58:58.0400 3008 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:58:58.0402 3008 BTHMODEM - ok
15:58:58.0470 3008 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:58:58.0482 3008 cdfs - ok
15:58:58.0528 3008 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:58:58.0531 3008 cdrom - ok
15:58:58.0555 3008 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:58:58.0557 3008 circlass - ok
15:58:58.0614 3008 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:58:58.0627 3008 CLFS - ok
15:58:58.0694 3008 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:58:58.0695 3008 CmBatt - ok
15:58:58.0719 3008 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:58:58.0721 3008 cmdide - ok
15:58:58.0807 3008 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:58:58.0808 3008 Compbatt - ok
15:58:58.0829 3008 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:58:58.0831 3008 crcdisk - ok
15:58:58.0860 3008 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:58:58.0861 3008 Crusoe - ok
15:58:58.0965 3008 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:58:58.0983 3008 DfsC - ok
15:58:59.0073 3008 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:58:59.0089 3008 disk - ok
15:58:59.0139 3008 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
15:58:59.0141 3008 DKbFltr - ok
15:58:59.0285 3008 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
15:58:59.0288 3008 DritekPortIO - ok
15:58:59.0351 3008 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:58:59.0364 3008 drmkaud - ok
15:58:59.0522 3008 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:58:59.0540 3008 DXGKrnl - ok
15:58:59.0571 3008 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:58:59.0575 3008 E1G60 - ok
15:58:59.0649 3008 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:58:59.0653 3008 Ecache - ok
15:58:59.0817 3008 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:58:59.0827 3008 eeCtrl - ok
15:59:00.0120 3008 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:59:00.0139 3008 elxstor - ok
15:59:00.0187 3008 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
15:59:00.0189 3008 EMSCR - ok
15:59:00.0231 3008 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
15:59:00.0233 3008 ESDCR - ok
15:59:00.0272 3008 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
15:59:00.0275 3008 ESMCR - ok
15:59:00.0370 3008 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:59:00.0378 3008 exfat - ok
15:59:00.0445 3008 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:59:00.0454 3008 fastfat - ok
15:59:00.0471 3008 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:59:00.0473 3008 fdc - ok
15:59:00.0551 3008 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:59:00.0561 3008 FileInfo - ok
15:59:00.0616 3008 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:59:00.0618 3008 Filetrace - ok
15:59:00.0664 3008 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:59:00.0665 3008 flpydisk - ok
15:59:00.0738 3008 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:59:00.0752 3008 FltMgr - ok
15:59:00.0788 3008 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:59:00.0791 3008 Fs_Rec - ok
15:59:00.0810 3008 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:59:00.0812 3008 gagp30kx - ok
15:59:00.0910 3008 Hardlock (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
15:59:00.0929 3008 Hardlock - ok
15:59:00.0987 3008 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
15:59:01.0000 3008 Haspnt - ok
15:59:01.0043 3008 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:59:01.0049 3008 HdAudAddService - ok
15:59:01.0107 3008 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:59:01.0120 3008 HDAudBus - ok
15:59:01.0143 3008 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:59:01.0144 3008 HidBth - ok
15:59:01.0170 3008 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:59:01.0172 3008 HidIr - ok
15:59:01.0233 3008 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:59:01.0246 3008 HidUsb - ok
15:59:01.0277 3008 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:59:01.0279 3008 HpCISSs - ok
15:59:01.0326 3008 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:59:01.0332 3008 HSFHWAZL - ok
15:59:01.0385 3008 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:59:01.0418 3008 HSF_DPV - ok
15:59:01.0463 3008 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:59:01.0468 3008 HSXHWAZL - ok
15:59:01.0613 3008 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:59:01.0623 3008 HTTP - ok
15:59:01.0694 3008 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:59:01.0704 3008 hwdatacard - ok
15:59:01.0755 3008 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:59:01.0773 3008 i2omp - ok
15:59:01.0849 3008 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:59:01.0852 3008 i8042prt - ok
15:59:01.0882 3008 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:59:01.0887 3008 iaStorV - ok
15:59:01.0927 3008 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:59:01.0934 3008 iirsp - ok
15:59:02.0062 3008 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
15:59:02.0146 3008 int15 - ok
15:59:02.0715 3008 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
15:59:02.0771 3008 IntcAzAudAddService - ok
15:59:02.0972 3008 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
15:59:02.0983 3008 intelide - ok
15:59:03.0063 3008 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:59:03.0065 3008 intelppm - ok
15:59:03.0130 3008 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:59:03.0140 3008 IpFilterDriver - ok
15:59:03.0159 3008 IpInIp - ok
15:59:03.0195 3008 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:59:03.0197 3008 IPMIDRV - ok
15:59:03.0249 3008 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:59:03.0274 3008 IPNAT - ok
15:59:03.0338 3008 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
15:59:03.0342 3008 irda - ok
15:59:03.0395 3008 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:59:03.0397 3008 IRENUM - ok
15:59:03.0438 3008 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:59:03.0440 3008 isapnp - ok
15:59:03.0528 3008 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:59:03.0533 3008 iScsiPrt - ok
15:59:03.0556 3008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:59:03.0558 3008 iteatapi - ok
15:59:03.0583 3008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:59:03.0584 3008 iteraid - ok
15:59:03.0646 3008 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:59:03.0648 3008 kbdclass - ok
15:59:03.0672 3008 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
15:59:03.0674 3008 kbdhid - ok
15:59:03.0743 3008 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
15:59:03.0756 3008 KSecDD - ok
15:59:03.0969 3008 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:59:03.0972 3008 lltdio - ok
15:59:04.0008 3008 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:59:04.0010 3008 LSI_FC - ok
15:59:04.0033 3008 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:59:04.0036 3008 LSI_SAS - ok
15:59:04.0067 3008 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:59:04.0070 3008 LSI_SCSI - ok
15:59:04.0120 3008 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:59:04.0124 3008 luafv - ok
15:59:04.0191 3008 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
15:59:04.0193 3008 massfilter - ok
15:59:04.0206 3008 MBAMSwissArmy - ok
15:59:04.0239 3008 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:59:04.0241 3008 mdmxsdk - ok
15:59:04.0265 3008 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:59:04.0267 3008 megasas - ok
15:59:04.0338 3008 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:59:04.0340 3008 Modem - ok
15:59:04.0397 3008 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:59:04.0399 3008 monitor - ok
15:59:04.0452 3008 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:59:04.0454 3008 mouclass - ok
15:59:04.0473 3008 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:59:04.0475 3008 mouhid - ok
15:59:04.0525 3008 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:59:04.0527 3008 MountMgr - ok
15:59:04.0571 3008 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:59:04.0574 3008 mpio - ok
15:59:04.0622 3008 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:59:04.0625 3008 mpsdrv - ok
15:59:04.0651 3008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:59:04.0654 3008 Mraid35x - ok
15:59:04.0718 3008 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:59:04.0722 3008 MRxDAV - ok
15:59:04.0777 3008 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:59:04.0780 3008 mrxsmb - ok
15:59:04.0847 3008 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:59:04.0852 3008 mrxsmb10 - ok
15:59:04.0874 3008 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:59:04.0877 3008 mrxsmb20 - ok
15:59:04.0906 3008 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:59:04.0908 3008 msahci - ok
15:59:04.0927 3008 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:59:04.0930 3008 msdsm - ok
15:59:04.0986 3008 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:59:05.0001 3008 Msfs - ok
15:59:05.0062 3008 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:59:05.0079 3008 msisadrv - ok
15:59:05.0138 3008 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:59:05.0141 3008 MSKSSRV - ok
15:59:05.0188 3008 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:59:05.0191 3008 MSPCLOCK - ok
15:59:05.0241 3008 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:59:05.0253 3008 MSPQM - ok
15:59:05.0302 3008 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:59:05.0306 3008 MsRPC - ok
15:59:05.0366 3008 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:59:05.0368 3008 mssmbios - ok
15:59:05.0390 3008 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:59:05.0392 3008 MSTEE - ok
15:59:05.0417 3008 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:59:05.0419 3008 Mup - ok
15:59:05.0525 3008 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:59:05.0534 3008 NativeWifiP - ok
15:59:05.0638 3008 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:59:05.0653 3008 NDIS - ok
15:59:05.0717 3008 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:59:05.0719 3008 NdisTapi - ok
15:59:05.0775 3008 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:59:05.0777 3008 Ndisuio - ok
15:59:05.0834 3008 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:59:05.0854 3008 NdisWan - ok
15:59:05.0906 3008 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:59:05.0909 3008 NDProxy - ok
15:59:05.0969 3008 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:59:05.0972 3008 NetBIOS - ok
15:59:06.0004 3008 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:59:06.0010 3008 netbt - ok
15:59:06.0202 3008 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:59:06.0254 3008 NETw3v32 - ok
15:59:06.0771 3008 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
15:59:06.0877 3008 NETw5v32 - ok
15:59:07.0225 3008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:59:07.0234 3008 nfrd960 - ok
15:59:07.0284 3008 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:59:07.0295 3008 Npfs - ok
15:59:07.0340 3008 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:59:07.0342 3008 nsiproxy - ok
15:59:07.0422 3008 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:59:07.0456 3008 Ntfs - ok
15:59:07.0480 3008 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
15:59:07.0497 3008 NTIDrvr - ok
15:59:07.0624 3008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:59:07.0640 3008 ntrigdigi - ok
15:59:07.0671 3008 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:59:07.0672 3008 Null - ok
15:59:08.0159 3008 nvlddmkm (dcb0f735bb78497f6076177eb7d20214) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:59:08.0285 3008 nvlddmkm - ok
15:59:08.0636 3008 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:59:08.0658 3008 nvraid - ok
15:59:08.0682 3008 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:59:08.0685 3008 nvstor - ok
15:59:08.0717 3008 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:59:08.0720 3008 nv_agp - ok
15:59:08.0734 3008 NwlnkFlt - ok
15:59:08.0751 3008 NwlnkFwd - ok
15:59:08.0796 3008 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
15:59:08.0798 3008 ohci1394 - ok
15:59:08.0859 3008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:59:08.0862 3008 Parport - ok
15:59:08.0908 3008 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:59:08.0911 3008 partmgr - ok
15:59:08.0927 3008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:59:08.0929 3008 Parvdm - ok
15:59:08.0988 3008 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:59:09.0011 3008 pci - ok
15:59:09.0048 3008 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
15:59:09.0050 3008 pciide - ok
15:59:09.0105 3008 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
15:59:09.0110 3008 pcmcia - ok
15:59:09.0274 3008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:59:09.0304 3008 PEAUTH - ok
15:59:09.0389 3008 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:59:09.0392 3008 PptpMiniport - ok
15:59:09.0417 3008 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:59:09.0420 3008 Processor - ok
15:59:09.0509 3008 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:59:09.0528 3008 PSched - ok
15:59:09.0567 3008 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
15:59:09.0569 3008 PSDFilter - ok
15:59:09.0587 3008 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
15:59:09.0589 3008 PSDNServ - ok
15:59:09.0628 3008 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
15:59:09.0630 3008 psdvdisk - ok
15:59:09.0694 3008 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:59:09.0725 3008 ql2300 - ok
15:59:09.0753 3008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:59:09.0756 3008 ql40xx - ok
15:59:09.0807 3008 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:59:09.0809 3008 QWAVEdrv - ok
15:59:09.0854 3008 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:59:09.0857 3008 RasAcd - ok
15:59:09.0944 3008 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:59:09.0965 3008 Rasl2tp - ok
15:59:10.0019 3008 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:59:10.0021 3008 RasPppoe - ok
15:59:10.0082 3008 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:59:10.0106 3008 RasSstp - ok
15:59:10.0161 3008 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:59:10.0177 3008 rdbss - ok
15:59:10.0217 3008 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:59:10.0219 3008 RDPCDD - ok
15:59:10.0256 3008 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:59:10.0263 3008 rdpdr - ok
15:59:10.0305 3008 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:59:10.0307 3008 RDPENCDD - ok
15:59:10.0341 3008 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:59:10.0346 3008 RDPWD - ok
15:59:10.0455 3008 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:59:10.0458 3008 rspndr - ok
15:59:10.0489 3008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:59:10.0493 3008 sbp2port - ok
15:59:10.0598 3008 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:59:10.0601 3008 sdbus - ok
15:59:10.0633 3008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:59:10.0635 3008 secdrv - ok
15:59:10.0673 3008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:59:10.0675 3008 Serenum - ok
15:59:10.0700 3008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:59:10.0703 3008 Serial - ok
15:59:10.0760 3008 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:59:10.0780 3008 sermouse - ok
15:59:10.0820 3008 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:59:10.0822 3008 sffdisk - ok
15:59:10.0851 3008 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:59:10.0853 3008 sffp_mmc - ok
15:59:10.0871 3008 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
15:59:10.0873 3008 sffp_sd - ok
15:59:10.0901 3008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:59:10.0903 3008 sfloppy - ok
15:59:10.0931 3008 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:59:10.0934 3008 sisagp - ok
15:59:10.0956 3008 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:59:10.0958 3008 SiSRaid2 - ok
15:59:10.0986 3008 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:59:10.0989 3008 SiSRaid4 - ok
15:59:11.0052 3008 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:59:11.0056 3008 Smb - ok
15:59:11.0081 3008 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys
15:59:11.0084 3008 SMSCIRDA - ok
15:59:11.0140 3008 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:59:11.0161 3008 spldr - ok
15:59:11.0230 3008 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:59:11.0257 3008 srv - ok
15:59:11.0314 3008 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:59:11.0318 3008 srv2 - ok
15:59:11.0369 3008 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:59:11.0393 3008 srvnet - ok
15:59:11.0436 3008 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:59:11.0438 3008 ssmdrv - ok
15:59:11.0513 3008 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:59:11.0515 3008 swenum - ok
15:59:11.0546 3008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:59:11.0560 3008 Symc8xx - ok
15:59:11.0595 3008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:59:11.0597 3008 Sym_hi - ok
15:59:11.0622 3008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:59:11.0624 3008 Sym_u3 - ok
15:59:11.0666 3008 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
15:59:11.0671 3008 SynTP - ok
15:59:11.0763 3008 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:59:11.0796 3008 Tcpip - ok
15:59:11.0832 3008 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:59:11.0840 3008 Tcpip6 - ok
15:59:11.0973 3008 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:59:11.0998 3008 tcpipreg - ok
15:59:12.0040 3008 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:59:12.0042 3008 TDPIPE - ok
15:59:12.0070 3008 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:59:12.0073 3008 TDTCP - ok
15:59:12.0132 3008 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:59:12.0135 3008 tdx - ok
15:59:12.0188 3008 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:59:12.0191 3008 TermDD - ok
15:59:12.0246 3008 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:59:12.0264 3008 tssecsrv - ok
15:59:12.0312 3008 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:59:12.0314 3008 tunmp - ok
15:59:12.0366 3008 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:59:12.0368 3008 tunnel - ok
15:59:12.0389 3008 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:59:12.0392 3008 uagp35 - ok
15:59:12.0414 3008 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
15:59:12.0415 3008 UBHelper - ok
15:59:12.0553 3008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:59:12.0571 3008 udfs - ok
15:59:12.0804 3008 UIUSys - ok
15:59:13.0034 3008 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:59:13.0052 3008 uliagpkx - ok
15:59:13.0096 3008 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:59:13.0102 3008 uliahci - ok
15:59:13.0123 3008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:59:13.0126 3008 UlSata - ok
15:59:13.0152 3008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:59:13.0155 3008 ulsata2 - ok
15:59:13.0211 3008 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:59:13.0213 3008 umbus - ok
15:59:13.0293 3008 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:59:13.0296 3008 usbccgp - ok
15:59:13.0319 3008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:59:13.0322 3008 usbcir - ok
15:59:13.0382 3008 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:59:13.0385 3008 usbehci - ok
15:59:13.0415 3008 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:59:13.0420 3008 usbhub - ok
15:59:13.0449 3008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:59:13.0454 3008 usbohci - ok
15:59:13.0476 3008 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:59:13.0478 3008 usbprint - ok
15:59:13.0524 3008 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:59:13.0526 3008 USBSTOR - ok
15:59:13.0572 3008 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:59:13.0596 3008 usbuhci - ok
15:59:13.0654 3008 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:59:13.0656 3008 vga - ok
15:59:13.0711 3008 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:59:13.0736 3008 VgaSave - ok
15:59:13.0768 3008 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:59:13.0771 3008 viaagp - ok
15:59:13.0789 3008 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:59:13.0791 3008 ViaC7 - ok
15:59:13.0858 3008 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
15:59:13.0860 3008 viaide - ok
15:59:13.0882 3008 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:59:13.0886 3008 volmgr - ok
15:59:13.0954 3008 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:59:13.0961 3008 volmgrx - ok
15:59:14.0018 3008 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:59:14.0043 3008 volsnap - ok
15:59:14.0080 3008 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:59:14.0084 3008 vsmraid - ok
15:59:14.0118 3008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:59:14.0120 3008 WacomPen - ok
15:59:14.0178 3008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:14.0180 3008 Wanarp - ok
15:59:14.0195 3008 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:59:14.0198 3008 Wanarpv6 - ok
15:59:14.0233 3008 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:59:14.0235 3008 Wd - ok
15:59:14.0427 3008 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:59:14.0456 3008 Wdf01000 - ok
15:59:14.0535 3008 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:59:14.0555 3008 winachsf - ok
15:59:14.0685 3008 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:59:14.0704 3008 WmiAcpi - ok
15:59:14.0819 3008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:59:14.0821 3008 WpdUsb - ok
15:59:14.0871 3008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:59:14.0873 3008 ws2ifsl - ok
15:59:14.0965 3008 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:59:14.0968 3008 WUDFRd - ok
15:59:15.0000 3008 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
15:59:15.0002 3008 XAudio - ok
15:59:15.0062 3008 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:59:15.0065 3008 ZTEusbmdm6k - ok
15:59:15.0095 3008 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:59:15.0098 3008 ZTEusbnmea - ok
15:59:15.0140 3008 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:59:15.0144 3008 ZTEusbser6k - ok
15:59:15.0175 3008 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
15:59:16.0206 3008 \Device\Harddisk0\DR0 - ok
15:59:16.0232 3008 Boot (0x1200) (014ca19c129256f8eab2549c3f889605) \Device\Harddisk0\DR0\Partition0
15:59:16.0249 3008 \Device\Harddisk0\DR0\Partition0 - ok
15:59:16.0285 3008 Boot (0x1200) (8ce178f40e5b9798b87d7a3dceaa5180) \Device\Harddisk0\DR0\Partition1
15:59:16.0301 3008 \Device\Harddisk0\DR0\Partition1 - ok
15:59:16.0304 3008 ============================================================
15:59:16.0304 3008 Scan finished
15:59:16.0304 3008 ============================================================
15:59:16.0323 5284 Detected object count: 0
15:59:16.0323 5284 Actual detected object count: 0
16:12:53.0159 0452 ============================================================
16:12:53.0159 0452 Scan started
16:12:53.0159 0452 Mode: Manual; SigCheck; TDLFS;
16:12:53.0159 0452 ============================================================
16:12:54.0553 0452 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:12:54.0766 0452 ACPI - ok
16:12:55.0013 0452 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:12:55.0103 0452 adp94xx - ok
16:12:55.0587 0452 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:12:55.0606 0452 adpahci - ok
16:12:55.0923 0452 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:12:55.0938 0452 adpu160m - ok
16:12:56.0200 0452 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:12:56.0215 0452 adpu320 - ok
16:12:56.0287 0452 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:12:56.0491 0452 AFD - ok
16:12:56.0622 0452 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:12:56.0635 0452 agp440 - ok
16:12:56.0763 0452 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:12:56.0777 0452 aic78xx - ok
16:12:56.0819 0452 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:12:56.0832 0452 aliide - ok
16:12:56.0848 0452 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:12:56.0862 0452 amdagp - ok
16:12:56.0897 0452 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:12:56.0910 0452 amdide - ok
16:12:56.0937 0452 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:12:57.0194 0452 AmdK7 - ok
16:12:57.0227 0452 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:12:57.0356 0452 AmdK8 - ok
16:12:57.0649 0452 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:12:57.0662 0452 arc - ok
16:12:57.0720 0452 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:12:57.0734 0452 arcsas - ok
16:12:57.0806 0452 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:58.0018 0452 AsyncMac - ok
16:12:58.0087 0452 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:12:58.0103 0452 atapi - ok
16:12:58.0196 0452 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
16:12:58.0269 0452 avgntflt - ok
16:12:58.0301 0452 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
16:12:58.0317 0452 avipbb - ok
16:12:58.0502 0452 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:12:58.0516 0452 avkmgr - ok
16:12:58.0815 0452 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:12:58.0922 0452 b57nd60x - ok
16:12:59.0177 0452 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:12:59.0261 0452 bcm4sbxp - ok
16:12:59.0302 0452 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:12:59.0359 0452 Beep - ok
16:12:59.0381 0452 blbdrive - ok
16:12:59.0465 0452 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:12:59.0582 0452 bowser - ok
16:12:59.0607 0452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:12:59.0766 0452 BrFiltLo - ok
16:12:59.0788 0452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:12:59.0848 0452 BrFiltUp - ok
16:12:59.0878 0452 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:12:59.0963 0452 Brserid - ok
16:12:59.0989 0452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:13:00.0080 0452 BrSerWdm - ok
16:13:00.0109 0452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:13:00.0207 0452 BrUsbMdm - ok
16:13:00.0298 0452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:13:00.0397 0452 BrUsbSer - ok
16:13:00.0425 0452 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:13:00.0502 0452 BTHMODEM - ok
16:13:00.0628 0452 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:13:00.0700 0452 cdfs - ok
16:13:00.0742 0452 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:13:00.0800 0452 cdrom - ok
16:13:00.0836 0452 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:13:00.0901 0452 circlass - ok
16:13:01.0027 0452 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:13:01.0048 0452 CLFS - ok
16:13:01.0130 0452 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:13:01.0210 0452 CmBatt - ok
16:13:01.0233 0452 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:13:01.0245 0452 cmdide - ok
16:13:01.0343 0452 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:13:01.0356 0452 Compbatt - ok
16:13:01.0388 0452 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:13:01.0400 0452 crcdisk - ok
16:13:01.0484 0452 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:13:01.0585 0452 Crusoe - ok
16:13:01.0701 0452 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:13:01.0781 0452 DfsC - ok
16:13:01.0842 0452 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:13:01.0869 0452 disk - ok
16:13:01.0897 0452 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
16:13:01.0910 0452 DKbFltr - ok
16:13:02.0043 0452 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
16:13:02.0056 0452 DritekPortIO - ok
16:13:02.0164 0452 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:13:02.0238 0452 drmkaud - ok
16:13:02.0319 0452 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:13:02.0366 0452 DXGKrnl - ok
16:13:02.0396 0452 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:13:02.0502 0452 E1G60 - ok
16:13:02.0552 0452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:13:02.0569 0452 Ecache - ok
16:13:02.0952 0452 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:13:03.0015 0452 eeCtrl - ok
16:13:03.0166 0452 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:13:03.0186 0452 elxstor - ok
16:13:03.0278 0452 EMSCR (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
16:13:03.0361 0452 EMSCR - ok
16:13:03.0389 0452 ESDCR (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
16:13:03.0433 0452 ESDCR - ok
16:13:03.0463 0452 ESMCR (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
16:13:03.0485 0452 ESMCR - ok
16:13:03.0579 0452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:13:03.0635 0452 exfat - ok
16:13:03.0734 0452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:13:03.0786 0452 fastfat - ok
16:13:03.0840 0452 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:13:03.0924 0452 fdc - ok
16:13:04.0020 0452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:13:04.0034 0452 FileInfo - ok
16:13:04.0141 0452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:13:04.0212 0452 Filetrace - ok
16:13:04.0244 0452 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:13:04.0322 0452 flpydisk - ok
16:13:04.0473 0452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:13:04.0492 0452 FltMgr - ok
16:13:04.0613 0452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:13:04.0679 0452 Fs_Rec - ok
16:13:04.0724 0452 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:13:04.0738 0452 gagp30kx - ok
16:13:05.0056 0452 Hardlock (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
16:13:05.0197 0452 Hardlock - ok
16:13:05.0321 0452 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
16:13:05.0367 0452 Haspnt ( UnsignedFile.Multi.Generic ) - warning
16:13:05.0368 0452 Haspnt - detected UnsignedFile.Multi.Generic (1)
16:13:05.0400 0452 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:13:05.0483 0452 HdAudAddService - ok
16:13:05.0707 0452 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:13:05.0852 0452 HDAudBus - ok
16:13:05.0920 0452 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:13:06.0020 0452 HidBth - ok
16:13:06.0059 0452 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:13:06.0159 0452 HidIr - ok
16:13:06.0266 0452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:13:06.0339 0452 HidUsb - ok
16:13:06.0366 0452 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:13:06.0379 0452 HpCISSs - ok
16:13:06.0504 0452 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:13:06.0544 0452 HSFHWAZL - ok
16:13:06.0818 0452 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:13:06.0948 0452 HSF_DPV - ok
16:13:07.0030 0452 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:13:07.0074 0452 HSXHWAZL - ok
16:13:07.0246 0452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:13:07.0410 0452 HTTP - ok
16:13:07.0504 0452 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:13:07.0550 0452 hwdatacard - ok
16:13:07.0588 0452 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:13:07.0601 0452 i2omp - ok
16:13:07.0682 0452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:13:07.0741 0452 i8042prt - ok
16:13:07.0803 0452 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:13:07.0820 0452 iaStorV - ok
16:13:08.0126 0452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:13:08.0139 0452 iirsp - ok
16:13:08.0306 0452 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
16:13:08.0332 0452 int15 ( UnsignedFile.Multi.Generic ) - warning
16:13:08.0332 0452 int15 - detected UnsignedFile.Multi.Generic (1)
16:13:08.0567 0452 IntcAzAudAddService (04bef1c4aa990e0d5851c7532fc8642c) C:\Windows\system32\drivers\RTKVHDA.sys
16:13:08.0729 0452 IntcAzAudAddService - ok
16:13:08.0927 0452 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
16:13:08.0949 0452 intelide - ok
16:13:09.0184 0452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:13:09.0231 0452 intelppm - ok
16:13:09.0508 0452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:09.0559 0452 IpFilterDriver - ok
16:13:09.0812 0452 IpInIp - ok
16:13:09.0883 0452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:13:09.0979 0452 IPMIDRV - ok
16:13:10.0026 0452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:13:10.0090 0452 IPNAT - ok
16:13:10.0326 0452 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
16:13:10.0394 0452 irda - ok
16:13:10.0605 0452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:13:10.0642 0452 IRENUM - ok
16:13:10.0792 0452 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:13:10.0807 0452 isapnp - ok
16:13:10.0883 0452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:13:10.0914 0452 iScsiPrt - ok
16:13:10.0945 0452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:13:10.0958 0452 iteatapi - ok
16:13:10.0982 0452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:13:10.0996 0452 iteraid - ok
16:13:11.0056 0452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:13:11.0071 0452 kbdclass - ok
16:13:11.0094 0452 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
16:13:11.0176 0452 kbdhid - ok
16:13:11.0420 0452 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
16:13:11.0465 0452 KSecDD - ok
16:13:11.0535 0452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:13:11.0606 0452 lltdio - ok
16:13:11.0784 0452 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:13:11.0816 0452 LSI_FC - ok
16:13:11.0843 0452 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:13:11.0859 0452 LSI_SAS - ok
16:13:11.0955 0452 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:13:11.0980 0452 LSI_SCSI - ok
16:13:12.0063 0452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:13:12.0132 0452 luafv - ok
16:13:12.0190 0452 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
16:13:12.0239 0452 massfilter - ok
16:13:12.0251 0452 MBAMSwissArmy - ok
16:13:12.0315 0452 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:13:12.0362 0452 mdmxsdk - ok
16:13:12.0386 0452 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:13:12.0399 0452 megasas - ok
16:13:12.0482 0452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:13:12.0523 0452 Modem - ok
16:13:12.0607 0452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:13:12.0682 0452 monitor - ok
16:13:12.0718 0452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:13:12.0737 0452 mouclass - ok
16:13:12.0772 0452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:13:12.0833 0452 mouhid - ok
16:13:13.0001 0452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:13:13.0020 0452 MountMgr - ok
16:13:13.0059 0452 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:13:13.0087 0452 mpio - ok
16:13:13.0121 0452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:13:13.0170 0452 mpsdrv - ok
16:13:13.0217 0452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:13:13.0233 0452 Mraid35x - ok
16:13:13.0306 0452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:13:13.0396 0452 MRxDAV - ok
16:13:13.0465 0452 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:13.0527 0452 mrxsmb - ok
16:13:13.0591 0452 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:13.0649 0452 mrxsmb10 - ok
16:13:13.0673 0452 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:13.0733 0452 mrxsmb20 - ok
16:13:13.0771 0452 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:13:13.0798 0452 msahci - ok
16:13:13.0837 0452 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:13:13.0858 0452 msdsm - ok
16:13:13.0952 0452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:13:14.0010 0452 Msfs - ok
16:13:14.0072 0452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:13:14.0085 0452 msisadrv - ok
16:13:14.0159 0452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:13:14.0220 0452 MSKSSRV - ok
16:13:14.0265 0452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:14.0316 0452 MSPCLOCK - ok
16:13:14.0373 0452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:13:14.0421 0452 MSPQM - ok
16:13:14.0522 0452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:13:14.0548 0452 MsRPC - ok
16:13:14.0608 0452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:13:14.0639 0452 mssmbios - ok
16:13:14.0687 0452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:13:14.0755 0452 MSTEE - ok
16:13:14.0848 0452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:13:14.0903 0452 Mup - ok
16:13:14.0996 0452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:13:15.0049 0452 NativeWifiP - ok
16:13:15.0176 0452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:13:15.0249 0452 NDIS - ok
16:13:15.0336 0452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:15.0383 0452 NdisTapi - ok
16:13:15.0450 0452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:15.0517 0452 Ndisuio - ok
16:13:15.0587 0452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:15.0625 0452 NdisWan - ok
16:13:15.0681 0452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:13:15.0747 0452 NDProxy - ok
16:13:15.0789 0452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:13:15.0841 0452 NetBIOS - ok
16:13:15.0966 0452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:13:16.0070 0452 netbt - ok
16:13:16.0476 0452 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
16:13:16.0632 0452 NETw3v32 - ok
16:13:16.0990 0452 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
16:13:17.0325 0452 NETw5v32 ( UnsignedFile.Multi.Generic ) - warning
16:13:17.0325 0452 NETw5v32 - detected UnsignedFile.Multi.Generic (1)
16:13:17.0645 0452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:13:17.0672 0452 nfrd960 - ok
16:13:17.0827 0452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:13:17.0875 0452 Npfs - ok
16:13:17.0938 0452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:13:17.0987 0452 nsiproxy - ok
16:13:18.0187 0452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:13:18.0302 0452 Ntfs - ok
16:13:18.0724 0452 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
16:13:18.0755 0452 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
16:13:18.0755 0452 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
16:13:18.0779 0452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:13:18.0861 0452 ntrigdigi - ok
16:13:18.0968 0452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:13:19.0025 0452 Null - ok
16:13:19.0658 0452 nvlddmkm (dcb0f735bb78497f6076177eb7d20214) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:13:20.0000 0452 nvlddmkm - ok
16:13:20.0268 0452 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:13:20.0299 0452 nvraid - ok
16:13:20.0326 0452 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:13:20.0340 0452 nvstor - ok
16:13:20.0360 0452 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:13:20.0390 0452 nv_agp - ok
16:13:20.0403 0452 NwlnkFlt - ok
16:13:20.0420 0452 NwlnkFwd - ok
16:13:20.0450 0452 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
16:13:20.0537 0452 ohci1394 - ok
16:13:20.0580 0452 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:13:20.0670 0452 Parport - ok
16:13:20.0940 0452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:13:20.0980 0452 partmgr - ok
16:13:21.0370 0452 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:13:21.0474 0452 Parvdm - ok
16:13:21.0841 0452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:13:21.0864 0452 pci - ok
16:13:21.0935 0452 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
16:13:21.0970 0452 pciide - ok
16:13:22.0104 0452 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
16:13:22.0142 0452 pcmcia - ok
16:13:22.0278 0452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:13:22.0463 0452 PEAUTH - ok
16:13:22.0821 0452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:13:22.0872 0452 PptpMiniport - ok
16:13:23.0182 0452 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:13:23.0275 0452 Processor - ok
16:13:23.0552 0452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:13:23.0617 0452 PSched - ok
16:13:23.0887 0452 PSDFilter (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
16:13:23.0918 0452 PSDFilter ( UnsignedFile.Multi.Generic ) - warning
16:13:23.0918 0452 PSDFilter - detected UnsignedFile.Multi.Generic (1)
16:13:24.0072 0452 PSDNServ (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
16:13:24.0079 0452 PSDNServ ( UnsignedFile.Multi.Generic ) - warning
16:13:24.0079 0452 PSDNServ - detected UnsignedFile.Multi.Generic (1)
16:13:24.0104 0452 psdvdisk (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
16:13:24.0126 0452 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
16:13:24.0126 0452 psdvdisk - detected UnsignedFile.Multi.Generic (1)
16:13:24.0181 0452 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:13:24.0287 0452 ql2300 - ok
16:13:24.0328 0452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:13:24.0345 0452 ql40xx - ok
16:13:24.0393 0452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:13:24.0464 0452 QWAVEdrv - ok
16:13:24.0508 0452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:13:24.0568 0452 RasAcd - ok
16:13:24.0620 0452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:24.0667 0452 Rasl2tp - ok
16:13:24.0728 0452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:24.0775 0452 RasPppoe - ok
16:13:24.0847 0452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:13:24.0882 0452 RasSstp - ok
16:13:24.0937 0452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:13:25.0008 0452 rdbss - ok
16:13:25.0060 0452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:25.0115 0452 RDPCDD - ok
16:13:25.0223 0452 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:13:25.0437 0452 rdpdr - ok
16:13:25.0747 0452 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:13:25.0816 0452 RDPENCDD - ok
16:13:26.0073 0452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:13:26.0147 0452 RDPWD - ok
16:13:26.0408 0452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:13:26.0481 0452 rspndr - ok
16:13:26.0698 0452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:13:26.0722 0452 sbp2port - ok
16:13:26.0851 0452 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:13:26.0917 0452 sdbus - ok
16:13:26.0986 0452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:13:27.0073 0452 secdrv - ok
16:13:27.0126 0452 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:13:27.0212 0452 Serenum - ok
16:13:27.0242 0452 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:13:27.0331 0452 Serial - ok
16:13:27.0391 0452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:13:27.0452 0452 sermouse - ok
16:13:27.0606 0452 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:13:27.0695 0452 sffdisk - ok
16:13:27.0893 0452 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:13:27.0979 0452 sffp_mmc - ok
16:13:28.0013 0452 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:13:28.0089 0452 sffp_sd - ok
16:13:28.0120 0452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:13:28.0199 0452 sfloppy - ok
16:13:28.0251 0452 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:13:28.0269 0452 sisagp - ok
16:13:28.0288 0452 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:13:28.0319 0452 SiSRaid2 - ok
16:13:28.0361 0452 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:13:28.0385 0452 SiSRaid4 - ok
16:13:28.0472 0452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:13:28.0529 0452 Smb - ok
16:13:28.0556 0452 SMSCIRDA (ced16c76469ba00e2ab310857cd4c767) C:\Windows\system32\DRIVERS\SMSCirda.sys
16:13:28.0600 0452 SMSCIRDA - ok
16:13:28.0693 0452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:13:28.0707 0452 spldr - ok
16:13:28.0772 0452 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:13:28.0876 0452 srv - ok
16:13:28.0944 0452 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:13:29.0008 0452 srv2 - ok
16:13:29.0078 0452 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:13:29.0150 0452 srvnet - ok
16:13:29.0200 0452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:13:29.0223 0452 ssmdrv - ok
16:13:29.0288 0452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:13:29.0302 0452 swenum - ok
16:13:29.0343 0452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:13:29.0357 0452 Symc8xx - ok
16:13:29.0382 0452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:13:29.0396 0452 Sym_hi - ok
16:13:29.0420 0452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:13:29.0441 0452 Sym_u3 - ok
16:13:29.0463 0452 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
16:13:29.0483 0452 SynTP - ok
16:13:29.0727 0452 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:13:29.0856 0452 Tcpip - ok
16:13:30.0415 0452 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:13:30.0559 0452 Tcpip6 - ok
16:13:30.0903 0452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:13:31.0073 0452 tcpipreg - ok
16:13:31.0559 0452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:13:31.0652 0452 TDPIPE - ok
16:13:31.0934 0452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:13:31.0971 0452 TDTCP - ok
16:13:32.0151 0452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:13:32.0201 0452 tdx - ok
16:13:32.0284 0452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:13:32.0321 0452 TermDD - ok
16:13:32.0453 0452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:13:32.0525 0452 tssecsrv - ok
16:13:32.0576 0452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:13:32.0662 0452 tunmp - ok
16:13:32.0707 0452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:13:32.0733 0452 tunnel - ok
16:13:32.0775 0452 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:13:32.0790 0452 uagp35 - ok
16:13:32.0822 0452 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
16:13:32.0863 0452 UBHelper ( UnsignedFile.Multi.Generic ) - warning
16:13:32.0863 0452 UBHelper - detected UnsignedFile.Multi.Generic (1)
16:13:32.0926 0452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:13:32.0962 0452 udfs - ok
16:13:33.0046 0452 UIUSys - ok
16:13:33.0175 0452 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:13:33.0197 0452 uliagpkx - ok
16:13:33.0227 0452 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:13:33.0247 0452 uliahci - ok
16:13:33.0286 0452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:13:33.0302 0452 UlSata - ok
16:13:33.0326 0452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:13:33.0360 0452 ulsata2 - ok
16:13:33.0408 0452 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:13:33.0461 0452 umbus - ok
16:13:33.0590 0452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:13:33.0634 0452 usbccgp - ok
16:13:33.0683 0452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:13:33.0769 0452 usbcir - ok
16:13:33.0823 0452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:13:33.0868 0452 usbehci - ok
16:13:33.0900 0452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:13:33.0945 0452 usbhub - ok
16:13:33.0979 0452 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:13:34.0058 0452 usbohci - ok
16:13:34.0084 0452 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:13:34.0161 0452 usbprint - ok
16:13:34.0465 0452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:13:34.0507 0452 USBSTOR - ok
16:13:34.0580 0452 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:13:34.0626 0452 usbuhci - ok
16:13:34.0684 0452 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:13:34.0762 0452 vga - ok
16:13:34.0808 0452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:13:34.0856 0452 VgaSave - ok
16:13:34.0887 0452 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:13:34.0914 0452 viaagp - ok
16:13:34.0941 0452 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:13:35.0025 0452 ViaC7 - ok
16:13:35.0144 0452 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:13:35.0217 0452 viaide - ok
16:13:35.0278 0452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:13:35.0302 0452 volmgr - ok
16:13:35.0405 0452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:13:35.0454 0452 volmgrx - ok
16:13:35.0504 0452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:13:35.0526 0452 volsnap - ok
16:13:35.0566 0452 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:13:35.0593 0452 vsmraid - ok
16:13:35.0625 0452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:13:35.0701 0452 WacomPen - ok
16:13:35.0752 0452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:35.0786 0452 Wanarp - ok
16:13:35.0795 0452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:13:35.0829 0452 Wanarpv6 - ok
16:13:35.0996 0452 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:13:36.0010 0452 Wd - ok
16:13:36.0122 0452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:13:36.0181 0452 Wdf01000 - ok
16:13:36.0264 0452 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:13:36.0307 0452 winachsf - ok
16:13:36.0514 0452 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:13:36.0554 0452 WmiAcpi - ok
16:13:36.0638 0452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:13:36.0731 0452 WpdUsb - ok
16:13:36.0789 0452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:13:36.0828 0452 ws2ifsl - ok
16:13:36.0994 0452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:13:37.0043 0452 WUDFRd - ok
16:13:37.0562 0452 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
16:13:37.0594 0452 XAudio - ok
16:13:37.0823 0452 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:13:37.0877 0452 ZTEusbmdm6k - ok
16:13:37.0945 0452 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
16:13:37.0995 0452 ZTEusbnmea - ok
16:13:38.0024 0452 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
16:13:38.0042 0452 ZTEusbser6k - ok
16:13:38.0081 0452 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
16:13:40.0872 0452 \Device\Harddisk0\DR0 - ok
16:13:40.0916 0452 Boot (0x1200) (014ca19c129256f8eab2549c3f889605) \Device\Harddisk0\DR0\Partition0
16:13:40.0926 0452 \Device\Harddisk0\DR0\Partition0 - ok
16:13:40.0991 0452 Boot (0x1200) (8ce178f40e5b9798b87d7a3dceaa5180) \Device\Harddisk0\DR0\Partition1
16:13:41.0019 0452 \Device\Harddisk0\DR0\Partition1 - ok
16:13:41.0020 0452 ============================================================
16:13:41.0020 0452 Scan finished
16:13:41.0020 0452 ============================================================
16:13:41.0039 4236 Detected object count: 8
16:13:41.0039 4236 Actual detected object count: 8
16:14:01.0783 4236 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0784 4236 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0787 4236 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0787 4236 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0792 4236 NETw5v32 ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0792 4236 NETw5v32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0794 4236 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0794 4236 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0797 4236 PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0797 4236 PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0800 4236 PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0800 4236 PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0803 4236 psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0803 4236 psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:01.0806 4236 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:01.0806 4236 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip



Grüße,

Stephanie

Geändert von Grisu 35 (05.12.2011 um 15:18 Uhr) Grund: Falsche Einstellungen, Log ausgetauscht

Alt 05.12.2011, 17:40   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2011, 19:00   #11
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo,

ich hatte nach dem Neustart Probleme das Log von Combofix zu finden. Ich hoffe das ist das richtige, ansonsten habe ich hier noch eine Quarantäne.txt von Combofix, soll die auch mit rein?

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-05.02 - Steffi 05.12.2011  19:26:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1021.479 [GMT 1:00]
ausgeführt von:: c:\users\Steffi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-05 bis 2011-12-05  ))))))))))))))))))))))))))))))
.
.
2011-12-05 13:44 . 2011-12-05 13:44	--------	d-----w-	C:\_OTL
2011-12-04 21:42 . 2011-12-04 21:42	--------	d-----w-	c:\program files\ESET
2011-12-04 18:56 . 2011-12-04 18:56	--------	d-----w-	c:\users\Steffi\AppData\Roaming\Malwarebytes
2011-12-04 18:55 . 2011-12-04 18:55	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-04 18:54 . 2011-12-04 18:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-04 18:54 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-01 08:44 . 2011-09-06 13:30	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-12-01 08:42 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-01 08:42 . 2011-08-13 04:43	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-12-01 08:42 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-12-01 08:42 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-12-01 08:42 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-12-01 08:42 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-12-01 08:42 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-12-01 08:42 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-12-01 07:04 . 2011-12-01 07:05	143	----a-w-	c:\users\Steffi\AppData\Roaming\Microsoft\1EE2\bl124753_64.bat
2011-11-23 16:04 . 2011-11-23 16:04	--------	d-----w-	c:\users\Steffi\AppData\Local\Unity
2011-11-22 08:00 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C02AD1-5ADE-4505-8102-8954AB4AE60B}\mpengine.dll
2011-11-20 15:27 . 2011-11-20 15:27	--------	d-----w-	c:\program files\Ovis
2011-11-17 17:09 . 2003-11-10 17:13	69715	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-17 17:09 . 2003-11-10 17:12	266240	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-17 17:09 . 2003-11-10 17:12	192512	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-17 17:09 . 2003-11-10 17:11	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-17 17:09 . 2003-11-10 17:14	729088	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-17 17:09 . 2011-11-17 17:09	188548	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-17 17:09 . 2011-11-17 17:09	311428	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-17 16:50 . 2011-11-17 16:50	--------	d-----w-	c:\program files\SystemRequirementsLab
2011-11-06 10:39 . 2011-11-06 10:39	--------	d-----w-	c:\users\Steffi\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 07:16 . 2011-07-25 06:12	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-19 06:27	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-19 06:27	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-19 06:27	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-26 18:07 . 2011-05-09 19:04	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-24 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-15 110592]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 35413875
*Deregistered* - 35413875
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
- c:\windows\system32\msfeedssync.exe [2011-12-01 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uSearchMigratedDefaultURL = 
mStart Page = 
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\iv44ljhc.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
AddRemove-Volo View Express - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-05 19:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-05  19:40:52
ComboFix-quarantined-files.txt  2011-12-05 18:40
.
Vor Suchlauf: 12 Verzeichnis(se), 22.781.526.016 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 22.600.491.008 Bytes frei
.
- - End Of File - - 348B78B02606BFED0AFD4E0A74679EE2
         
--- --- ---


Grüße, Stephanie

Alt 05.12.2011, 19:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.12.2011, 20:33   #13
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Hallo Arne,

hat etwas gedauert bis die Log geschrieben war..

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-12-05.02 - Steffi 05.12.2011  20:54:02.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1021.364 [GMT 1:00]
ausgeführt von:: c:\users\Steffi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Steffi\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!user32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-05 bis 2011-12-05  ))))))))))))))))))))))))))))))
.
.
2011-12-05 20:05 . 2011-12-05 20:17	--------	d-----w-	c:\users\Steffi\AppData\Local\temp
2011-12-05 20:05 . 2011-12-05 20:05	--------	d-----w-	c:\users\Holger\AppData\Local\temp
2011-12-05 20:05 . 2011-12-05 20:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-05 13:44 . 2011-12-05 13:44	--------	d-----w-	C:\_OTL
2011-12-04 21:42 . 2011-12-04 21:42	--------	d-----w-	c:\program files\ESET
2011-12-04 18:56 . 2011-12-04 18:56	--------	d-----w-	c:\users\Steffi\AppData\Roaming\Malwarebytes
2011-12-04 18:55 . 2011-12-04 18:55	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-04 18:54 . 2011-12-04 18:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-04 18:54 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-01 08:44 . 2011-09-06 13:30	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-12-01 08:42 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-12-01 08:42 . 2011-08-13 04:43	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-12-01 08:42 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-12-01 08:42 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-12-01 08:42 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-12-01 08:42 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-12-01 08:42 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-12-01 08:42 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-12-01 07:04 . 2011-12-01 07:05	143	----a-w-	c:\users\Steffi\AppData\Roaming\Microsoft\1EE2\bl124753_64.bat
2011-11-23 16:04 . 2011-11-23 16:04	--------	d-----w-	c:\users\Steffi\AppData\Local\Unity
2011-11-22 08:00 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C02AD1-5ADE-4505-8102-8954AB4AE60B}\mpengine.dll
2011-11-20 15:27 . 2011-11-20 15:27	--------	d-----w-	c:\program files\Ovis
2011-11-17 17:09 . 2003-11-10 17:13	69715	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-17 17:09 . 2003-11-10 17:12	266240	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-17 17:09 . 2003-11-10 17:12	192512	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-17 17:09 . 2003-11-10 17:11	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-17 17:09 . 2003-11-10 17:14	729088	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-17 17:09 . 2011-11-17 17:09	188548	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-17 17:09 . 2011-11-17 17:09	311428	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-17 16:50 . 2011-11-17 16:50	--------	d-----w-	c:\program files\SystemRequirementsLab
2011-11-06 10:39 . 2011-11-06 10:39	--------	d-----w-	c:\users\Steffi\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 07:16 . 2011-07-25 06:12	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-19 06:27	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-19 06:27	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-19 06:27	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-26 18:07 . 2011-05-09 19:04	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-12-24 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-15 110592]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [2009-08-31 241664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-26 10:39]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{02450484-794A-42CC-8D18-CF725362E277}.job
- c:\windows\system32\msfeedssync.exe [2011-12-01 21:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uSearchMigratedDefaultURL = 
mStart Page = 
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\iv44ljhc.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4748)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\users\Steffi\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-05  21:26:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-05 20:23
ComboFix2.txt  2011-12-05 18:40
.
Vor Suchlauf: 15 Verzeichnis(se), 22.512.340.992 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 22.465.036.288 Bytes frei
.
- - End Of File - - F567D1EC70BEC5433964165A4504A52F
         
--- --- ---

Grüße, Stephanie

Alt 05.12.2011, 21:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.12.2011, 08:44   #15
Grisu 35
 
Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Standard

Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet



Einen schönen Nikolausmorgen :-)

Hier die drei Scans.
GMER

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-06 09:07:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: bv6lfwgn.exe; Driver: C:\Users\Steffi\AppData\Local\Temp\kgtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  87D0EB1E                                                                                             ZwCreateSection
SSDT                                                                                                                                  87D0EB28                                                                                             ZwRequestWaitReplyPort
SSDT                                                                                                                                  87D0EB23                                                                                             ZwSetContextThread
SSDT                                                                                                                                  87D0EB2D                                                                                             ZwSetSecurityObject
SSDT                                                                                                                                  87D0EB32                                                                                             ZwSystemDebugControl
SSDT                                                                                                                                  87D0EABF                                                                                             ZwTerminateProcess

INT 0x06                                                                                                                              \??\C:\Windows\system32\drivers\Haspnt.sys                                                           9A10A16D
INT 0x0E                                                                                                                              \??\C:\Windows\system32\drivers\Haspnt.sys                                                           9A109FC2

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 215                                                                        828E7998 4 Bytes  [1E, EB, D0, 87]
.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 539                                                                        828E7CBC 4 Bytes  [28, EB, D0, 87]
.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 56D                                                                        828E7CF0 4 Bytes  [23, EB, D0, 87]
.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 5D1                                                                        828E7D54 4 Bytes  [2D, EB, D0, 87]
.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 619                                                                        828E7D9C 4 Bytes  [32, EB, D0, 87]
.text                                                                                                                                 ...                                                                                                  
.text                                                                                                                                 C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8AC0B340, 0x2932D7, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                             section is writeable [0x9A129400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A1CD620]  C:\Windows\system32\drivers\hardlock.sys                                                             entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9A1CD620]
.protectÿÿÿÿhardlockunknown last code section [0x9A1CD400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                             unknown last code section [0x9A1CD400, 0x5126, 0xE0000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73FA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73FFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73FABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73F9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73FA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73F9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73FD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73FADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73F9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73F9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73F971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7402CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73FCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73F9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73F96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73F9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73FA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT                                                                                                                                   C:\Windows\Explorer.EXE[3944] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free]                      [6276F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

OSAM:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:17:00 on 06.12.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 8.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AdobeGamma" - ? - %CommonFiles%\Adobe\Callibration\Adobe Gamma.cpl  (File not found)
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - C:\Windows\System32\DRIVERS\UIUSYS.SYS  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"Haspnt" (Haspnt) - "Aladdin Knowledge Systems" - C:\Windows\system32\drivers\Haspnt.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit" (NETw5v32) - "Intel Corporation" - C:\Windows\System32\DRIVERS\NETw5v32.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgtdqpoc" (kgtdqpoc) - ? - C:\Users\Steffi\AppData\Local\Temp\kgtdqpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} "AcDcToday-Steuerung" - "Autodesk" - C:\Windows\DOWNLO~1\ACDCTO~1.OCX / file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx
{F281A59C-7B65-11D3-8617-0010830243BD} "AcPreview-Steuerung" - "Autodesk" - C:\Windows\DOWNLO~1\ACPREV~1.OCX / file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx
{1F831FA3-42FC-11D4-95A6-0080AD30DCE1} "InstaFred" - "Autodesk, Inc." - C:\Windows\DOWNLO~1\InstFred.ocx / file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{AE563724-B4F5-11D4-A415-00108302FDFD} "NOXLATE-BANR" - "Autodesk, Inc." - C:\Windows\DOWNLO~1\InstBanr.ocx / file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime
"UIExec" - ? - "C:\Program Files\Join Air\UIExec.exe"  (File found, but it contains no detailed information)
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Join Air\AssistantServices.exe  (File found, but it contains no detailed information)

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\Acer.scr  (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

ASW:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-06 09:17:49
-----------------------------
09:17:49.677 OS Version: Windows 6.0.6002 Service Pack 2
09:17:49.677 Number of processors: 2 586 0xE08
09:17:49.678 ComputerName: GRISU UserName:
09:18:05.739 Initialize success
09:20:19.386 AVAST engine defs: 11120501
09:20:29.183 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:20:29.243 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3
09:20:31.448 Disk 0 MBR read successfully
09:20:31.451 Disk 0 MBR scan
09:20:31.594 Disk 0 unknown MBR code
09:20:31.656 Disk 0 scanning sectors +312576705
09:20:32.155 Disk 0 scanning C:\Windows\system32\drivers
09:22:17.462 Service scanning
09:22:20.793 Modules scanning
09:23:51.698 Disk 0 trace - called modules:
09:23:51.724 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:23:51.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858f32c8]
09:23:51.734 3 CLASSPNP.SYS[86fb48b3] -> nt!IofCallDriver -> [0x852eb4c8]
09:23:51.741 5 acpi.sys[82e9b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852eb030]
09:23:53.272 AVAST engine scan C:\Windows
09:24:12.396 AVAST engine scan C:\Windows\system32
09:29:32.037 AVAST engine scan C:\Windows\system32\drivers
09:29:53.887 AVAST engine scan C:\Users\Steffi
09:35:45.632 AVAST engine scan C:\ProgramData
09:37:37.681 Scan finished successfully
09:38:35.527 Disk 0 MBR has been saved successfully to "C:\Users\Steffi\Desktop\MBR.dat"
09:38:35.535 The log file has been saved successfully to "C:\Users\Steffi\Desktop\aswMBR.txt"


Grüße,

Stephanie

Antwort

Themen zu Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet
0x00000001, alternate, antivir, autorun, avira, bho, bonjour, boot-cd, c:\windows\system32\rundll32.exe, computer, error, excel, excel.exe, firefox, format, google, google earth, helper, home, hängt, launch, nvlddmkm.sys, popup, problem, realtek, registry, required, rundll, senden, sketchup, software, starten, symantec, version=1.0, virus, virus ?, vista



Ähnliche Themen: Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet


  1. Windows 7: C: Festplatte wir immer voller obwohl ich nichts mache!
    Log-Analyse und Auswertung - 30.01.2015 (12)
  2. Windows 7 Meldung Win32/Small-CA Virus entfernen, AntiVir findet nichts, Windows Update und Defender funktionieren nicht mehr
    Log-Analyse und Auswertung - 20.11.2013 (15)
  3. system neu aufgesetzt,trojaner symptome immer noch da
    Log-Analyse und Auswertung - 10.09.2013 (1)
  4. Google redirect Virus und nichts hilft scheinbar
    Plagegeister aller Art und deren Bekämpfung - 12.02.2013 (18)
  5. Virus "exp/cve-2012-1723.A.597" von antivir gefunden; malware-bytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (29)
  6. AntiVir Echtzeit Scanner meldete Trojaner, findet jetzt aber nichts mehr
    Log-Analyse und Auswertung - 23.11.2012 (16)
  7. Virus vernichtet Antivir-Programm und lässt nichts neues Installieren, alles mögliche erfordert immer Neustart des Pc's
    Log-Analyse und Auswertung - 21.09.2012 (3)
  8. AntiVir findet nichts doch Malwarebytes findet 22 infizierte Dateien
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (21)
  9. Antivir findet 9 Viren, malware findet nichts mehr
    Plagegeister aller Art und deren Bekämpfung - 28.05.2012 (18)
  10. Google redirect Virus, werde bei den Suchergebnissen immer auf rocketnews.com weitergeleitet
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (6)
  11. Windows recovery Virus - bekämpft, aber noch Symptome
    Log-Analyse und Auswertung - 21.06.2011 (17)
  12. Nach Installation von AntiVir geht nichts mehr. Heftiger Virus?
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (5)
  13. Gehackt Antivir findet nichts
    Plagegeister aller Art und deren Bekämpfung - 16.05.2010 (17)
  14. Virusbefall? Im normalen Modus nichts mehr möglich; Antivir sagt nichts
    Plagegeister aller Art und deren Bekämpfung - 30.11.2009 (0)
  15. AntiVir findet inzwischen nichts mehr
    Log-Analyse und Auswertung - 13.02.2009 (4)
  16. kein windows & antivir update mehr möglich - antivir findet nichts "böses"
    Plagegeister aller Art und deren Bekämpfung - 02.12.2008 (1)
  17. ständig popup, obwohl ich nichts mehr finden kann
    Log-Analyse und Auswertung - 07.04.2005 (1)

Zum Thema Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet - Hallo, ich habe versucht alle Logfiles zu erstellen und hoffe es ist richtig so. Zu meinem Problem: Seit ca. 4 Tagen konnte Antivir nicht mehr auto-updaten. Außerdem bin ich bei - Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet...
Archiv
Du betrachtest: Google redirect Virus ? Immer noch Symptome obwohl Antivir nichts mehr findet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.