Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 07.01.2012, 15:09   #1
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Guten Tag an alle,

habe ein Problem Malwarebytes identifiziert PUP.VShareRedir als infizierte Regdatei. Was kann das sein? Was kann ich tun? ... Ich nutze Windows 7 SP1 und habe als Antivirlösung Avira und halte meine Software mit Secunia Up to Date. Ebenso ist wie schon bemerkt Malwarebytes im Einsatz. Hier mein OTL Log:

OTL logfile created on: 07.01.2012 13:58:14 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,28% Memory free
5,93 Gb Paging File | 4,69 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,09 Gb Total Space | 8,10 Gb Free Space | 20,20% Space Free | Partition Type: NTFS
Drive D: | 245,00 Gb Total Space | 26,63 Gb Free Space | 10,87% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - D:\Programme\WINRAR\RarExt.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 12:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.12.01 12:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.12.26 12:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Games\poker2\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Games\poker\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B11D610-01F6-4AAB-B0AF-233A52D16215}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1161126A-9E83-4B0A-8005-392BF17A62E6}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig - StartUpReg: Linkury Chrome Smartbar - hkey= - key= - C:\Program Files\Linkury\Linkury.exe (Linkury)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: nmapp - hkey= - key= - File not found
MsConfig - StartUpReg: nmctxth - hkey= - key= - File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.07 13:03:55 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\backups
[2012.01.07 12:59:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HiJackThis204.exe
[2012.01.04 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.01.04 13:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.01.04 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.01.03 21:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2012.01.03 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2012.01.02 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\WindowsUpdate
[2011.12.18 15:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARIS Business Performance Edition
[2011.12.18 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\ARIS7.1
[2011.12.18 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\ARIS710_PLATFORM_501900
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.07 14:02:09 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 14:02:09 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 13:58:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.07 13:58:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.07 13:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 13:54:17 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.07 13:53:20 | 000,000,020 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.01.07 13:51:18 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\v7h3t9bo.exe
[2012.01.07 13:51:10 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.01.07 12:59:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\****\Desktop\HiJackThis204.exe
[2012.01.07 11:55:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 11:55:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 11:55:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 11:55:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 13:26:51 | 002,086,240 | ---- | M] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2012.01.03 21:49:24 | 000,001,027 | ---- | M] () -- C:\Users\****\Desktop\Free M4a to MP3 Converter.lnk
[2012.01.03 12:54:49 | 003,477,536 | ---- | M] () -- C:\Users\****\Desktop\WRT160Nv3_0_03_003.code1.bin
[2012.01.03 12:13:35 | 000,416,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.26 12:14:37 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.26 12:01:17 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.18 15:14:45 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk
[2011.12.18 15:12:29 | 000,021,617 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.07 13:53:06 | 000,000,020 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.01.07 13:51:18 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\v7h3t9bo.exe
[2012.01.07 13:51:10 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.01.04 13:26:50 | 002,086,240 | ---- | C] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2012.01.03 21:49:24 | 000,001,027 | ---- | C] () -- C:\Users\****\Desktop\Free M4a to MP3 Converter.lnk
[2012.01.03 12:54:49 | 003,477,536 | ---- | C] () -- C:\Users\****\Desktop\WRT160Nv3_0_03_003.code1.bin
[2011.12.26 12:14:37 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.26 12:01:17 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.18 15:14:45 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk
[2011.11.03 19:26:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011.11.03 19:26:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011.11.03 19:26:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011.11.03 19:26:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011.11.03 19:26:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011.05.31 20:41:40 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{09C41884-1F45-41E1-8676-A7BCD1DF561F}
[2010.11.27 01:20:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.25 01:47:52 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.04.24 19:56:04 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2010.03.21 19:13:45 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.03.16 18:54:10 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010.03.16 18:49:09 | 000,000,133 | ---- | C] () -- C:\Users\****\AppData\Roaming\burnaware.ini
[2010.03.16 09:13:28 | 000,226,695 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.03.16 09:13:28 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.03.11 13:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.30 04:14:28 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.09.30 04:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.09.30 04:14:28 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.09.30 04:14:28 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,416,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

========== LOP Check ==========

[2010.03.15 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Alle meine Passworte
[2011.07.16 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\avidemux
[2010.03.16 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2010.04.25 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.03.26 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2011.12.19 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.03.23 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NCH Swift Sound
[2011.11.06 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2010.05.25 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.01.12 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\pschmid.net
[2011.12.22 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SAP
[2010.03.23 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\streamripper
[2011.01.25 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.11.17 13:52:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.11.30 09:21:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.31 12:25:01 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2011.09.30 13:51:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.06 20:10:45 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.10.04 11:20:23 | 000,000,000 | ---D | M] -- C:\divx
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.04 10:47:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.08.14 11:49:49 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.04.28 09:11:03 | 000,000,000 | ---D | M] -- C:\Intel
[2009.09.19 13:16:19 | 000,000,000 | ---D | M] -- C:\KM900
[2011.07.14 13:05:52 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.07 12:45:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.04 13:27:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.04 10:47:45 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.11 13:28:37 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.04 08:18:29 | 000,000,000 | ---D | M] -- C:\SAP
[2010.07.27 09:46:40 | 000,000,000 | ---D | M] -- C:\swsetup
[2012.01.07 14:01:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.30 09:21:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.06 10:37:34 | 000,000,000 | ---D | M] -- C:\Windows
[2010.04.22 19:29:06 | 000,000,000 | ---D | M] -- C:\Windows.old
[2011.07.15 11:29:50 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
[2008.04.14 07:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\Neuer Ordner\I386\REGEDIT.EXE
[2008.04.14 07:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\Users\****\Desktop\Neuer Ordner\I386\REGEDIT.EXE

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-06 09:42:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:15D5AA51
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP31BE97C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >




Ich danke euch schonmal im Voraus für eure Hilfe!
Angehängte Dateien
Dateityp: zip gmer.zip (1,3 KB, 62x aufgerufen)

Alt 07.01.2012, 16:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Zitat:
Was kann das sein?
Können wir die nicht sagen weil das Log von Malwarebytes nicht gepostet wurde

Immer alle Logs davon posten!!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 07.01.2012, 17:19   #3
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Hier die MB Logs:

Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8096

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

06.11.2011 12:46:27
mbam-log-2011-11-06 (12-46-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174890
Laufzeit: 6 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8096

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.11.2011 22:14:23
mbam-log-2011-11-07 (22-14-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176182
Laufzeit: 8 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8251

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.11.2011 11:29:19
mbam-log-2011-11-27 (11-29-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174413
Laufzeit: 6 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

Schutz: Aktiviert

07.01.2012 12:43:02
mbam-log-2012-01-07 (12-43-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 0
Laufzeit: 5 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

Schutz: Aktiviert

07.01.2012 15:25:01
mbam-log-2012-01-07 (15-25-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370937
Laufzeit: 1 Stunde(n), 33 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 07.01.2012, 17:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Ah, das scheint von vShare TV Plugin zu sein. Haste sowas installiert (gehabt)?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.01.2012, 17:29   #5
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



ist gut möglich aber wäre dann schon länger her. Deswegen erscheint es mir auch komisch, dass MB es erst jetzt anzeigt. wie sieht es mit meinem OTL log aus kannst du mir dazu was sagen ob der sauber ist?


Alt 07.01.2012, 17:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!

Alt 08.01.2012, 12:33   #7
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Hiho..

also ich will mich bis hierhin ersteinmal recht herzlich für die strukturierte Hilfe bedanken. Es ist sicherlich nicht selbstverständlich, dass hier freiwillig so viel Zeit für die Pc Wehwechen anderer eingesetzt wird.

Der Virenscan kommt, habe ihn leider unterschätzt läuft jetzt schon 2.5h und kein Ende in Sicht .

Alt 08.01.2012, 14:21   #8
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Hmm und das ist alles ? ... ESEt hat 5mal win32/toolbar linkury als infiziert entdeckt sonst nichts.

Code:
ATTFilter
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
         

Alt 08.01.2012, 17:15   #9
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Sorry ... habs das erstemal ohne Adminrechte ausgeführt... hier das ausführliche LOG.

Code:
ATTFilter
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a18822e12e657243813aeb9350fb5e86
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 03:57:51
# local_time=2012-01-08 04:57:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 507665 101540849 8045 0
# compatibility_mode=5893 16776573 100 94 19917 77660333 0 0
# compatibility_mode=8192 67108863 100 0 77196 77196 0 0
# scanned=184365
# found=5
# cleaned=0
# scan_time=9128
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Roaming\OpenCandy\1489F122F0C64AD99FB499332F35AE4B\LinkuryInstaller.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\f174e7.msi	Win32/Toolbar.Linkury application (unable to clean)	00000000000000000000000000000000	I
         

Alt 08.01.2012, 21:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2012, 21:27   #11
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Hier der aktuelle Log::

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.01.2012 21:09:54 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\**** \Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,86% Memory free
5,93 Gb Paging File | 4,96 Gb Available in Paging File | 83,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,09 Gb Total Space | 7,81 Gb Free Space | 19,48% Space Free | Partition Type: NTFS
Drive D: | 245,00 Gb Total Space | 25,27 Gb Free Space | 10,31% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\**** \Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Programme\WINRAR\RarExt.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 12:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.12.01 12:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**** \AppData\Roaming\mozilla\Extensions
[2011.12.26 12:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Games\poker2\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Games\poker\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B11D610-01F6-4AAB-B0AF-233A52D16215}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1161126A-9E83-4B0A-8005-392BF17A62E6}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: Linkury Chrome Smartbar - hkey= - key= - C:\Program Files\Linkury\Linkury.exe (Linkury)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: nmapp - hkey= - key= -  File not found
MsConfig - StartUpReg: nmctxth - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.07 13:03:55 | 000,000,000 | ---D | C] -- C:\Users\**** \Desktop\backups
[2012.01.07 12:59:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\**** \Desktop\HiJackThis204.exe
[2012.01.04 13:35:58 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.01.04 13:35:57 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.01.04 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.01.04 13:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.01.04 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.01.03 21:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2012.01.03 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2012.01.02 18:46:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012.01.02 18:46:31 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012.01.02 18:46:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012.01.02 18:45:53 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.01.02 18:45:53 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.01.02 18:45:52 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.01.02 18:45:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.01.02 18:45:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.01.02 18:45:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.01.02 18:45:50 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.01.02 18:45:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.01.02 18:45:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.01.02 18:45:44 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.01.02 18:45:42 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012.01.02 18:45:42 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012.01.02 18:44:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012.01.02 18:42:03 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012.01.02 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\**** \AppData\Local\WindowsUpdate
[2011.12.18 15:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARIS Business Performance Edition
[2011.12.18 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\ARIS7.1
[2011.12.18 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\**** \Desktop\ARIS710_PLATFORM_501900
[2011.12.16 16:32:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.16 16:32:13 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.16 16:32:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.16 16:32:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.16 16:32:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.16 16:32:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.16 08:26:31 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.16 08:26:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.16 08:26:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.16 08:26:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.16 08:26:13 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.16 08:26:12 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\**** \Desktop\*.tmp files -> C:\Users\**** \Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.08 20:58:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.08 20:50:18 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.08 20:50:18 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.08 20:42:59 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.08 20:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.08 20:42:37 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.07 15:08:34 | 000,001,284 | ---- | M] () -- C:\Users\**** \Desktop\gmer.zip
[2012.01.07 13:53:20 | 000,000,020 | ---- | M] () -- C:\Users\**** \defogger_reenable
[2012.01.07 13:51:18 | 000,302,592 | ---- | M] () -- C:\Users\**** \Desktop\v7h3t9bo.exe
[2012.01.07 13:51:10 | 000,050,477 | ---- | M] () -- C:\Users\**** \Desktop\Defogger.exe
[2012.01.07 12:59:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\**** \Desktop\HiJackThis204.exe
[2012.01.07 11:55:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 11:55:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 11:55:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 11:55:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 13:26:51 | 002,086,240 | ---- | M] () -- C:\Users\**** \Desktop\SecurityTaskManager_Setup.exe
[2012.01.03 21:49:24 | 000,001,027 | ---- | M] () -- C:\Users\**** \Desktop\Free M4a to MP3 Converter.lnk
[2012.01.03 12:54:49 | 003,477,536 | ---- | M] () -- C:\Users\**** \Desktop\WRT160Nv3_0_03_003.code1.bin
[2012.01.03 12:13:35 | 000,416,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.26 12:14:37 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.26 12:01:17 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.18 15:14:45 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk
[2011.12.18 15:12:29 | 000,021,617 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\**** \Desktop\*.tmp files -> C:\Users\**** \Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.07 15:08:34 | 000,001,284 | ---- | C] () -- C:\Users\**** \Desktop\gmer.zip
[2012.01.07 13:53:06 | 000,000,020 | ---- | C] () -- C:\Users\**** \defogger_reenable
[2012.01.07 13:51:18 | 000,302,592 | ---- | C] () -- C:\Users\**** \Desktop\v7h3t9bo.exe
[2012.01.07 13:51:10 | 000,050,477 | ---- | C] () -- C:\Users\**** \Desktop\Defogger.exe
[2012.01.04 13:26:50 | 002,086,240 | ---- | C] () -- C:\Users\**** \Desktop\SecurityTaskManager_Setup.exe
[2012.01.03 21:49:24 | 000,001,027 | ---- | C] () -- C:\Users\**** \Desktop\Free M4a to MP3 Converter.lnk
[2012.01.03 12:54:49 | 003,477,536 | ---- | C] () -- C:\Users\**** \Desktop\WRT160Nv3_0_03_003.code1.bin
[2011.12.26 12:14:37 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.26 12:01:17 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.18 15:14:45 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk
[2011.11.03 19:26:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011.11.03 19:26:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011.11.03 19:26:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011.11.03 19:26:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011.11.03 19:26:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011.05.31 20:41:40 | 000,000,000 | ---- | C] () -- C:\Users\**** \AppData\Local\{09C41884-1F45-41E1-8676-A7BCD1DF561F}
[2010.11.27 01:20:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.25 01:47:52 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.04.24 19:56:04 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2010.03.21 19:13:45 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.03.16 18:54:10 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010.03.16 18:49:09 | 000,000,133 | ---- | C] () -- C:\Users\**** \AppData\Roaming\burnaware.ini
[2010.03.16 09:13:28 | 000,226,695 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.03.16 09:13:28 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.03.11 13:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.30 04:14:28 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.09.30 04:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.09.30 04:14:28 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.09.30 04:14:28 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,416,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.03.14 19:26:07 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Adobe
[2010.03.15 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Alle meine Passworte
[2010.11.03 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Apple Computer
[2011.07.16 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\avidemux
[2010.03.16 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Canneverbe Limited
[2010.04.25 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\DAEMON Tools Lite
[2011.10.20 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\dvdcss
[2010.03.26 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\GetRightToGo
[2010.03.24 08:51:14 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\HP
[2011.12.19 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\ICQ
[2010.03.11 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Identities
[2010.03.11 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Macromedia
[2010.11.05 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Malwarebytes
[2009.07.14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Media Center Programs
[2011.10.14 19:50:12 | 000,000,000 | --SD | M] -- C:\Users\**** \AppData\Roaming\Microsoft
[2011.11.21 20:24:20 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\mIRC
[2011.12.01 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Mozilla
[2010.03.19 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\NCH Software
[2010.03.23 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\NCH Swift Sound
[2011.11.06 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\OpenCandy
[2010.05.25 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Opera
[2011.01.12 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\pschmid.net
[2011.12.22 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\SAP
[2011.04.12 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Skype
[2011.04.12 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\skypePM
[2010.03.23 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\streamripper
[2011.01.25 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\TS3Client
[2012.01.08 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\vlc
[2010.03.11 13:45:46 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\winamp
[2010.03.16 13:34:45 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\winamp)
[2010.03.13 23:16:33 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.03.21 19:15:07 | 000,010,134 | R--- | M] () -- C:\Users\**** \AppData\Roaming\Microsoft\Installer\{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}\ARPPRODUCTICON.exe
[2010.12.28 12:06:33 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\**** \AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.11.06 15:27:06 | 005,750,064 | ---- | M] () -- C:\Users\**** \AppData\Roaming\OpenCandy\1489F122F0C64AD99FB499332F35AE4B\LinkuryInstaller_p1v6.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Neuer Ordner\I386\sp3.cab:AGP440.sys
[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Users\**** \Desktop\Neuer Ordner\I386\sp3.cab:AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Neuer Ordner\I386\sp3.cab:atapi.sys
[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Users\**** \Desktop\Neuer Ordner\I386\sp3.cab:atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:15D5AA51
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >
         
--- --- ---
[/code]

Alt 08.01.2012, 22:03   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:15D5AA51
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2012, 22:20   #13
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Und hier der neue Log :

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8222de6c-5002-11df-ba60-001377febcec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8222de6c-5002-11df-ba60-001377febcec}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eee052c5-306c-11df-9967-001377febcec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eee052c5-306c-11df-9967-001377febcec}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:15D5AA51 deleted successfully.
ADS C:\ProgramData\TEMP:D31BE97C deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: FH
->Temp folder emptied: 13789485 bytes
->Temporary Internet Files folder emptied: 22237064 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 24417622 bytes
->Flash cache emptied: 4978 bytes
 
User: ****
->Temp folder emptied: 204178393 bytes
->Temporary Internet Files folder emptied: 226894608 bytes
->Java cache emptied: 9720888 bytes
->FireFox cache emptied: 213052942 bytes
->Opera cache emptied: 27369596 bytes
->Flash cache emptied: 727 bytes
 
User: Public
 
User: Xtix
->Temp folder emptied: 38577794 bytes
->Temporary Internet Files folder emptied: 2672011 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 12949987 bytes
->Flash cache emptied: 611 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50752195 bytes
RecycleBin emptied: 2050325 bytes
 
Total Files Cleaned = 809,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_221424

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 08.01.2012, 22:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2012, 22:37   #15
Cam´ron
 
Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Standard

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!



Und weiter gehts

Code:
ATTFilter
 22:33:15.0846 3532	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
22:33:15.0911 3532	============================================================
22:33:15.0911 3532	Current date / time: 2012/01/08 22:33:15.0911
22:33:15.0911 3532	SystemInfo:
22:33:15.0911 3532	
22:33:15.0911 3532	OS Version: 6.1.7601 ServicePack: 1.0
22:33:15.0911 3532	Product type: Workstation
22:33:15.0913 3532	ComputerName: ***-PC
22:33:15.0913 3532	UserName: ****
22:33:15.0913 3532	Windows directory: C:\Windows
22:33:15.0913 3532	System windows directory: C:\Windows
22:33:15.0913 3532	Processor architecture: Intel x86
22:33:15.0913 3532	Number of processors: 2
22:33:15.0913 3532	Page size: 0x1000
22:33:15.0913 3532	Boot type: Normal boot
22:33:15.0913 3532	============================================================
22:33:17.0538 3532	Initialize success
22:34:00.0249 0984	============================================================
22:34:00.0249 0984	Scan started
22:34:00.0249 0984	Mode: Manual; SigCheck; TDLFS; 
22:34:00.0249 0984	============================================================
22:34:00.0814 0984	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:34:00.0931 0984	1394ohci - ok
22:34:00.0994 0984	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:34:01.0011 0984	ACPI - ok
22:34:01.0059 0984	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:34:01.0086 0984	AcpiPmi - ok
22:34:01.0206 0984	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:34:01.0226 0984	adp94xx - ok
22:34:01.0429 0984	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:34:01.0449 0984	adpahci - ok
22:34:01.0474 0984	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:34:01.0486 0984	adpu320 - ok
22:34:01.0561 0984	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:34:01.0679 0984	AFD - ok
22:34:01.0726 0984	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:34:01.0741 0984	agp440 - ok
22:34:01.0789 0984	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:34:01.0801 0984	aic78xx - ok
22:34:01.0901 0984	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:34:01.0919 0984	aliide - ok
22:34:01.0959 0984	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:34:01.0969 0984	amdagp - ok
22:34:02.0001 0984	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:34:02.0014 0984	amdide - ok
22:34:02.0111 0984	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:34:02.0181 0984	AmdK8 - ok
22:34:02.0214 0984	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:34:02.0241 0984	AmdPPM - ok
22:34:02.0289 0984	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:34:02.0301 0984	amdsata - ok
22:34:02.0331 0984	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:34:02.0344 0984	amdsbs - ok
22:34:02.0361 0984	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:34:02.0371 0984	amdxata - ok
22:34:02.0516 0984	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:34:02.0556 0984	AppID - ok
22:34:02.0601 0984	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:34:02.0614 0984	arc - ok
22:34:02.0636 0984	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:34:02.0649 0984	arcsas - ok
22:34:02.0691 0984	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:34:02.0824 0984	AsyncMac - ok
22:34:03.0034 0984	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:34:03.0046 0984	atapi - ok
22:34:03.0131 0984	athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
22:34:03.0196 0984	athr - ok
22:34:03.0391 0984	atikmdag        (745c79700646c3f285cd09775618a04b) C:\Windows\system32\DRIVERS\atikmdag.sys
22:34:03.0521 0984	atikmdag - ok
22:34:03.0631 0984	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:34:03.0644 0984	avgio - ok
22:34:03.0769 0984	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
22:34:03.0814 0984	avgntflt - ok
22:34:03.0839 0984	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
22:34:03.0854 0984	avipbb - ok
22:34:03.0936 0984	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:34:03.0976 0984	b06bdrv - ok
22:34:04.0059 0984	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:34:04.0091 0984	b57nd60x - ok
22:34:04.0131 0984	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:34:04.0181 0984	Beep - ok
22:34:04.0221 0984	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:34:04.0261 0984	blbdrive - ok
22:34:04.0309 0984	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:34:04.0349 0984	bowser - ok
22:34:04.0384 0984	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:34:04.0429 0984	BrFiltLo - ok
22:34:04.0641 0984	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:34:04.0689 0984	BrFiltUp - ok
22:34:04.0726 0984	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:34:04.0759 0984	Brserid - ok
22:34:04.0791 0984	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:34:04.0819 0984	BrSerWdm - ok
22:34:04.0854 0984	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:34:04.0909 0984	BrUsbMdm - ok
22:34:04.0941 0984	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:34:04.0991 0984	BrUsbSer - ok
22:34:05.0019 0984	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:34:05.0059 0984	BTHMODEM - ok
22:34:05.0101 0984	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:34:05.0146 0984	cdfs - ok
22:34:05.0219 0984	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:34:05.0251 0984	cdrom - ok
22:34:05.0294 0984	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:34:05.0334 0984	circlass - ok
22:34:05.0384 0984	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:34:05.0399 0984	CLFS - ok
22:34:05.0469 0984	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:34:05.0496 0984	CmBatt - ok
22:34:05.0541 0984	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:34:05.0551 0984	cmdide - ok
22:34:05.0581 0984	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:34:05.0601 0984	CNG - ok
22:34:05.0624 0984	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:34:05.0634 0984	Compbatt - ok
22:34:05.0676 0984	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:34:05.0691 0984	CompositeBus - ok
22:34:05.0726 0984	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:34:05.0736 0984	crcdisk - ok
22:34:05.0816 0984	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:34:05.0874 0984	DfsC - ok
22:34:05.0896 0984	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:34:05.0946 0984	discache - ok
22:34:05.0991 0984	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:34:06.0004 0984	Disk - ok
22:34:06.0066 0984	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:34:06.0099 0984	Dot4 - ok
22:34:06.0221 0984	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
22:34:06.0281 0984	Dot4Print - ok
22:34:06.0366 0984	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:34:06.0411 0984	dot4usb - ok
22:34:06.0526 0984	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:34:06.0556 0984	drmkaud - ok
22:34:06.0614 0984	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:34:06.0644 0984	DXGKrnl - ok
22:34:06.0774 0984	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:34:06.0864 0984	ebdrv - ok
22:34:06.0909 0984	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:34:06.0927 0984	elxstor - ok
22:34:06.0969 0984	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:34:06.0999 0984	ErrDev - ok
22:34:07.0042 0984	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:34:07.0089 0984	exfat - ok
22:34:07.0119 0984	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:34:07.0172 0984	fastfat - ok
22:34:07.0212 0984	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:34:07.0239 0984	fdc - ok
22:34:07.0269 0984	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:34:07.0282 0984	FileInfo - ok
22:34:07.0307 0984	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:34:07.0357 0984	Filetrace - ok
22:34:07.0389 0984	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:34:07.0424 0984	flpydisk - ok
22:34:07.0477 0984	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:34:07.0494 0984	FltMgr - ok
22:34:07.0524 0984	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:34:07.0537 0984	FsDepends - ok
22:34:07.0564 0984	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:34:07.0577 0984	Fs_Rec - ok
22:34:07.0642 0984	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:34:07.0659 0984	fvevol - ok
22:34:07.0729 0984	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:34:07.0744 0984	gagp30kx - ok
22:34:07.0829 0984	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:34:07.0859 0984	hcw85cir - ok
22:34:07.0917 0984	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:34:07.0954 0984	HdAudAddService - ok
22:34:08.0009 0984	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:34:08.0044 0984	HDAudBus - ok
22:34:08.0082 0984	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:34:08.0114 0984	HidBatt - ok
22:34:08.0149 0984	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:34:08.0192 0984	HidBth - ok
22:34:08.0232 0984	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:34:08.0259 0984	HidIr - ok
22:34:08.0322 0984	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:34:08.0359 0984	HidUsb - ok
22:34:08.0447 0984	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:34:08.0462 0984	HpSAMD - ok
22:34:08.0539 0984	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:34:08.0594 0984	HTTP - ok
22:34:08.0647 0984	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:34:08.0659 0984	hwpolicy - ok
22:34:08.0704 0984	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:34:08.0747 0984	i8042prt - ok
22:34:08.0809 0984	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:34:08.0827 0984	iaStorV - ok
22:34:08.0874 0984	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:34:08.0887 0984	iirsp - ok
22:34:08.0917 0984	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:34:08.0927 0984	intelide - ok
22:34:08.0969 0984	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:34:08.0984 0984	intelppm - ok
22:34:09.0182 0984	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:34:09.0239 0984	IpFilterDriver - ok
22:34:09.0287 0984	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:34:09.0302 0984	IPMIDRV - ok
22:34:09.0372 0984	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:34:09.0419 0984	IPNAT - ok
22:34:09.0459 0984	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:34:09.0499 0984	IRENUM - ok
22:34:09.0539 0984	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:34:09.0549 0984	isapnp - ok
22:34:09.0594 0984	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:34:09.0609 0984	iScsiPrt - ok
22:34:09.0664 0984	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:34:09.0682 0984	kbdclass - ok
22:34:09.0727 0984	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:34:09.0742 0984	kbdhid - ok
22:34:09.0797 0984	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
22:34:09.0809 0984	KSecDD - ok
22:34:09.0849 0984	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
22:34:09.0862 0984	KSecPkg - ok
22:34:09.0907 0984	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:34:09.0962 0984	lltdio - ok
22:34:10.0017 0984	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:34:10.0029 0984	LSI_FC - ok
22:34:10.0059 0984	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:34:10.0072 0984	LSI_SAS - ok
22:34:10.0099 0984	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:34:10.0109 0984	LSI_SAS2 - ok
22:34:10.0297 0984	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:34:10.0312 0984	LSI_SCSI - ok
22:34:10.0352 0984	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:34:10.0397 0984	luafv - ok
22:34:10.0484 0984	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:34:10.0497 0984	MBAMProtector - ok
22:34:10.0564 0984	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:34:10.0577 0984	megasas - ok
22:34:10.0779 0984	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:34:10.0794 0984	MegaSR - ok
22:34:10.0842 0984	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:34:10.0907 0984	Modem - ok
22:34:10.0944 0984	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:34:10.0977 0984	monitor - ok
22:34:11.0034 0984	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:34:11.0049 0984	mouclass - ok
22:34:11.0082 0984	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:34:11.0114 0984	mouhid - ok
22:34:11.0167 0984	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:34:11.0179 0984	mountmgr - ok
22:34:11.0227 0984	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:34:11.0239 0984	mpio - ok
22:34:11.0257 0984	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:34:11.0307 0984	mpsdrv - ok
22:34:11.0382 0984	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:34:11.0424 0984	MRxDAV - ok
22:34:11.0582 0984	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:34:11.0624 0984	mrxsmb - ok
22:34:11.0667 0984	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:34:11.0682 0984	mrxsmb10 - ok
22:34:11.0724 0984	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:34:11.0739 0984	mrxsmb20 - ok
22:34:11.0784 0984	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:34:11.0799 0984	msahci - ok
22:34:11.0842 0984	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:34:11.0854 0984	msdsm - ok
22:34:11.0927 0984	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:34:11.0982 0984	Msfs - ok
22:34:12.0012 0984	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:34:12.0052 0984	mshidkmdf - ok
22:34:12.0099 0984	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:34:12.0112 0984	msisadrv - ok
22:34:12.0159 0984	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:34:12.0209 0984	MSKSSRV - ok
22:34:12.0239 0984	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:34:12.0284 0984	MSPCLOCK - ok
22:34:12.0317 0984	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:34:12.0349 0984	MSPQM - ok
22:34:12.0379 0984	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:34:12.0392 0984	MsRPC - ok
22:34:12.0419 0984	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:34:12.0429 0984	mssmbios - ok
22:34:12.0614 0984	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:34:12.0659 0984	MSTEE - ok
22:34:12.0859 0984	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:34:12.0902 0984	MTConfig - ok
22:34:12.0924 0984	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:34:12.0934 0984	Mup - ok
22:34:12.0984 0984	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:34:13.0004 0984	NativeWifiP - ok
22:34:13.0079 0984	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:34:13.0102 0984	NDIS - ok
22:34:13.0127 0984	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:34:13.0172 0984	NdisCap - ok
22:34:13.0212 0984	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:34:13.0262 0984	NdisTapi - ok
22:34:13.0319 0984	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:34:13.0367 0984	Ndisuio - ok
22:34:13.0422 0984	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:34:13.0472 0984	NdisWan - ok
22:34:13.0519 0984	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:34:13.0574 0984	NDProxy - ok
22:34:13.0649 0984	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:34:13.0707 0984	NetBIOS - ok
22:34:13.0759 0984	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:34:13.0817 0984	NetBT - ok
22:34:13.0902 0984	netr28u         (9067a7689d108c4f15ed2fcf2c572b5c) C:\Windows\system32\DRIVERS\netr28u.sys
22:34:13.0922 0984	netr28u - ok
22:34:13.0982 0984	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:34:13.0994 0984	nfrd960 - ok
22:34:14.0029 0984	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:34:14.0077 0984	Npfs - ok
22:34:14.0107 0984	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:34:14.0159 0984	nsiproxy - ok
22:34:14.0242 0984	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:34:14.0274 0984	Ntfs - ok
22:34:14.0292 0984	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:34:14.0344 0984	Null - ok
22:34:14.0397 0984	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:34:14.0409 0984	nvraid - ok
22:34:14.0444 0984	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:34:14.0457 0984	nvstor - ok
22:34:14.0509 0984	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:34:14.0524 0984	nv_agp - ok
22:34:14.0737 0984	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:34:14.0772 0984	ohci1394 - ok
22:34:14.0832 0984	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:34:14.0874 0984	Parport - ok
22:34:14.0927 0984	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:34:14.0939 0984	partmgr - ok
22:34:15.0049 0984	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:34:15.0084 0984	Parvdm - ok
22:34:15.0137 0984	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:34:15.0149 0984	pci - ok
22:34:15.0184 0984	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:34:15.0197 0984	pciide - ok
22:34:15.0234 0984	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:34:15.0249 0984	pcmcia - ok
22:34:15.0272 0984	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:34:15.0284 0984	pcw - ok
22:34:15.0322 0984	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:34:15.0384 0984	PEAUTH - ok
22:34:15.0492 0984	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:34:15.0632 0984	PptpMiniport - ok
22:34:15.0662 0984	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:34:15.0692 0984	Processor - ok
22:34:15.0737 0984	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:34:15.0799 0984	Psched - ok
22:34:15.0894 0984	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
22:34:15.0907 0984	PSI - ok
22:34:15.0967 0984	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:34:15.0999 0984	ql2300 - ok
22:34:16.0032 0984	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:34:16.0044 0984	ql40xx - ok
22:34:16.0072 0984	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:34:16.0087 0984	QWAVEdrv - ok
22:34:16.0184 0984	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:34:16.0234 0984	RasAcd - ok
22:34:16.0297 0984	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:34:16.0334 0984	RasAgileVpn - ok
22:34:16.0359 0984	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:34:16.0387 0984	Rasl2tp - ok
22:34:16.0434 0984	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:34:16.0479 0984	RasPppoe - ok
22:34:16.0502 0984	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:34:16.0552 0984	RasSstp - ok
22:34:16.0602 0984	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:34:16.0669 0984	rdbss - ok
22:34:16.0854 0984	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:34:16.0872 0984	rdpbus - ok
22:34:16.0919 0984	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:34:16.0967 0984	RDPCDD - ok
22:34:17.0002 0984	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:34:17.0027 0984	RDPENCDD - ok
22:34:17.0052 0984	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:34:17.0097 0984	RDPREFMP - ok
22:34:17.0159 0984	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:34:17.0202 0984	RDPWD - ok
22:34:17.0264 0984	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:34:17.0279 0984	rdyboost - ok
22:34:17.0329 0984	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:34:17.0377 0984	rspndr - ok
22:34:17.0462 0984	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\Windows\system32\Drivers\SABI.sys
22:34:17.0472 0984	SABI - ok
22:34:17.0509 0984	SANDRA - ok
22:34:17.0569 0984	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:34:17.0582 0984	sbp2port - ok
22:34:17.0634 0984	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:34:17.0674 0984	scfilter - ok
22:34:17.0747 0984	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:34:17.0804 0984	secdrv - ok
22:34:17.0879 0984	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:34:17.0904 0984	Serenum - ok
22:34:17.0949 0984	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:34:17.0964 0984	Serial - ok
22:34:18.0009 0984	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:34:18.0042 0984	sermouse - ok
22:34:18.0152 0984	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:34:18.0172 0984	sffdisk - ok
22:34:18.0214 0984	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:34:18.0239 0984	sffp_mmc - ok
22:34:18.0287 0984	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:34:18.0317 0984	sffp_sd - ok
22:34:18.0352 0984	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:34:18.0379 0984	sfloppy - ok
22:34:18.0422 0984	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:34:18.0434 0984	sisagp - ok
22:34:18.0502 0984	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:34:18.0517 0984	SiSRaid2 - ok
22:34:18.0549 0984	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:34:18.0562 0984	SiSRaid4 - ok
22:34:18.0612 0984	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:34:18.0654 0984	Smb - ok
22:34:18.0702 0984	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:34:18.0712 0984	spldr - ok
22:34:18.0777 0984	sptd - ok
22:34:18.0824 0984	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:34:18.0862 0984	srv - ok
22:34:18.0917 0984	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:34:18.0949 0984	srv2 - ok
22:34:18.0972 0984	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:34:19.0004 0984	srvnet - ok
22:34:19.0062 0984	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:34:19.0074 0984	ssmdrv - ok
22:34:19.0107 0984	StarOpen - ok
22:34:19.0174 0984	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:34:19.0184 0984	stexstor - ok
22:34:19.0227 0984	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:34:19.0239 0984	swenum - ok
22:34:19.0319 0984	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:34:19.0352 0984	Tcpip - ok
22:34:19.0394 0984	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:34:19.0424 0984	TCPIP6 - ok
22:34:19.0482 0984	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:34:19.0542 0984	tcpipreg - ok
22:34:19.0597 0984	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:34:19.0637 0984	TDPIPE - ok
22:34:19.0677 0984	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:34:19.0722 0984	TDTCP - ok
22:34:19.0767 0984	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:34:19.0797 0984	tdx - ok
22:34:19.0837 0984	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:34:19.0852 0984	TermDD - ok
22:34:19.0892 0984	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:34:19.0934 0984	tssecsrv - ok
22:34:20.0009 0984	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:34:20.0037 0984	TsUsbFlt - ok
22:34:20.0109 0984	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:34:20.0137 0984	tunnel - ok
22:34:20.0189 0984	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:34:20.0202 0984	uagp35 - ok
22:34:20.0249 0984	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:34:20.0294 0984	udfs - ok
22:34:20.0362 0984	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:34:20.0374 0984	uliagpkx - ok
22:34:20.0437 0984	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:34:20.0474 0984	umbus - ok
22:34:20.0519 0984	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:34:20.0554 0984	UmPass - ok
22:34:20.0774 0984	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:34:20.0782 0984	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:34:20.0782 0984	USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:34:20.0837 0984	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:34:21.0037 0984	usbccgp - ok
22:34:21.0249 0984	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:34:21.0292 0984	usbcir - ok
22:34:21.0322 0984	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:34:21.0354 0984	usbehci - ok
22:34:21.0397 0984	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:34:21.0412 0984	usbhub - ok
22:34:21.0439 0984	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:34:21.0462 0984	usbohci - ok
22:34:21.0522 0984	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:34:21.0562 0984	usbprint - ok
22:34:21.0634 0984	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:34:21.0694 0984	usbscan - ok
22:34:21.0744 0984	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:34:21.0779 0984	USBSTOR - ok
22:34:21.0809 0984	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:34:21.0822 0984	usbuhci - ok
22:34:21.0887 0984	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:34:21.0909 0984	usbvideo - ok
22:34:21.0969 0984	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:34:21.0979 0984	vdrvroot - ok
22:34:22.0039 0984	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:34:22.0089 0984	vga - ok
22:34:22.0114 0984	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:34:22.0144 0984	VgaSave - ok
22:34:22.0352 0984	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:34:22.0364 0984	vhdmp - ok
22:34:22.0412 0984	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:34:22.0422 0984	viaagp - ok
22:34:22.0447 0984	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:34:22.0484 0984	ViaC7 - ok
22:34:22.0534 0984	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:34:22.0547 0984	viaide - ok
22:34:22.0589 0984	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:34:22.0602 0984	volmgr - ok
22:34:22.0634 0984	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:34:22.0649 0984	volmgrx - ok
22:34:22.0699 0984	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:34:22.0714 0984	volsnap - ok
22:34:22.0762 0984	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:34:22.0774 0984	vsmraid - ok
22:34:22.0804 0984	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:34:22.0837 0984	vwifibus - ok
22:34:22.0872 0984	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:34:22.0912 0984	vwififlt - ok
22:34:22.0952 0984	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:34:22.0984 0984	vwifimp - ok
22:34:23.0017 0984	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:34:23.0044 0984	WacomPen - ok
22:34:23.0107 0984	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:23.0149 0984	WANARP - ok
22:34:23.0154 0984	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:23.0182 0984	Wanarpv6 - ok
22:34:23.0224 0984	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:34:23.0237 0984	Wd - ok
22:34:23.0262 0984	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:34:23.0282 0984	Wdf01000 - ok
22:34:23.0334 0984	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:34:23.0362 0984	WfpLwf - ok
22:34:23.0387 0984	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:34:23.0399 0984	WIMMount - ok
22:34:23.0467 0984	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:34:23.0482 0984	WinUsb - ok
22:34:23.0517 0984	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:34:23.0554 0984	WmiAcpi - ok
22:34:23.0599 0984	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:34:23.0639 0984	ws2ifsl - ok
22:34:23.0704 0984	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:34:23.0747 0984	WudfPf - ok
22:34:23.0797 0984	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:34:23.0839 0984	WUDFRd - ok
22:34:23.0919 0984	yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
22:34:23.0937 0984	yukonw7 - ok
22:34:23.0992 0984	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:34:24.0217 0984	\Device\Harddisk0\DR0 - ok
22:34:24.0222 0984	Boot (0x1200)   (ca262f3f563ef38db9441f143d556f6e) \Device\Harddisk0\DR0\Partition0
22:34:24.0224 0984	\Device\Harddisk0\DR0\Partition0 - ok
22:34:24.0274 0984	Boot (0x1200)   (10108195033f5902dacd078f9f60e81e) \Device\Harddisk0\DR0\Partition1
22:34:24.0274 0984	\Device\Harddisk0\DR0\Partition1 - ok
22:34:24.0277 0984	============================================================
22:34:24.0277 0984	Scan finished
22:34:24.0277 0984	============================================================
22:34:24.0289 3720	Detected object count: 1
22:34:24.0289 3720	Actual detected object count: 1
22:36:13.0693 3720	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:36:13.0693 3720	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Antwort

Themen zu Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!
78.42.43.62, alternate, auswerten, autorun, avira, bho, defender, error, firefox, format, helper, hijack, hijackthis, home, infizierte, linkury, logfile, mbamservice.exe, mp3, object, problem, pup.vshareredir, registry, required, rundll, scan, secunia psi, security, senden, smartbar, software, taskhost.exe, webcheck, windows



Ähnliche Themen: Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!


  1. LogFile MalwareBytes, Problem: "Search Assistant"
    Log-Analyse und Auswertung - 17.02.2014 (11)
  2. Malwarebytes bereibigt "PUP.Optional.xxx.A", aber AdwCleaner findet noch was in der Registry
    Log-Analyse und Auswertung - 14.10.2013 (13)
  3. Malwarebytes findet 2 Infektionen "PUP.optional"
    Log-Analyse und Auswertung - 19.09.2013 (3)
  4. ESET findet "multiple threats" trotz grünem Licht von MalwareBytes, AdwCleaner und JRT
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (11)
  5. Malwarebytes findet 18 infizierte Dateien: Pup.VShareRedir - was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2013 (10)
  6. Malwarebytes findet "Trojan.Agent" - dieser ist aber nach löschen jedesmal wieder da
    Plagegeister aller Art und deren Bekämpfung - 01.01.2013 (14)
  7. MalwareBytes findet "PUP.VShareRedir"
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (3)
  8. Malwarebytes "blockt" immer einer chinesische IP ... Ausgehend .. findet aber nix ..
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (10)
  9. Langsame Internetverbindung, MalwareBytes liefert "pup.vshareredir"
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (17)
  10. malwarebytes findet 42 "PUP.Blabblers" Viren beim Vollscan
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  11. Mit BKA-Trojaner infiziert. Malwarebytes hat "PUP.VShareRedir" gefunden.
    Log-Analyse und Auswertung - 08.03.2012 (11)
  12. Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"
    Log-Analyse und Auswertung - 27.02.2012 (25)
  13. Malwarebytes Logfile: Infizierte File "Rogue.ControlCenter" - was ist das? Bitte um Hilfe!
    Log-Analyse und Auswertung - 03.11.2011 (14)
  14. Malwarebytes Antimalware findet "Trojan.Agent", MBAM/OTL Logs mit dabei
    Log-Analyse und Auswertung - 24.06.2011 (1)
  15. Malwarebytes findet "tyrdwirh.sys" und kann diese nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 25.01.2010 (1)
  16. "TR/Dropper.Gen" wütet im "Eigene Dateien"-Ordner, Hijackthis bitte auswerten!
    Log-Analyse und Auswertung - 10.09.2009 (9)
  17. Logfile auswerten + Fehlerbehebung: "icq hat Problem festgestellt, beendet werden"
    Log-Analyse und Auswertung - 18.07.2008 (0)

Zum Thema Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! - Guten Tag an alle, habe ein Problem Malwarebytes identifiziert PUP.VShareRedir als infizierte Regdatei. Was kann das sein? Was kann ich tun? ... Ich nutze Windows 7 SP1 und habe als - Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!...
Archiv
Du betrachtest: Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.