Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 22.02.2012, 21:44   #1
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Wenn man bei firefox im toolbar integrieten google search was sucht wird man automatisch zu search.searchcompletion.com geleitet. Laut google ist die seite auch mit einem virus verbunden das heimlich auf dem computer installiert wird.

Malwarebytes hat zwei infizierte dateien ausgespuckt:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Die aktuelle log datei lautet:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: ICH-PC [Administrator]

Schutz: Aktiviert

22.02.2012 21:04:10
mbam-log-2012-02-22 (21-08-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200755
Laufzeit: 1 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 22.02.2012, 22:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 23.02.2012, 18:39   #3
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Scan hat ca 19 stunden gedauert aber nichts gefunden.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3bb0987299cd0c4fa5d247603db6a5ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-23 05:25:41
# local_time=2012-02-23 06:25:41 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 37250267 37250267 0 0
# compatibility_mode=5893 16776574 100 94 86029 81579875 0 0
# compatibility_mode=8192 67108863 100 0 4602 4602 0 0
# scanned=709890
# found=0
# cleaned=0
# scan_time=67916
         
__________________

Alt 23.02.2012, 20:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Was ist mit dem Vollscan mit Malwarebytes?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.02.2012, 21:30   #5
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Sind die infizierten windows datei wichtig fürs system?

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ich :: ICH-PC [Administrator]

Schutz: Aktiviert

22.02.2012 21:09:14
mbam-log-2012-02-22 (22-16-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 575651
Laufzeit: 53 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Geändert von Soapace (23.02.2012 um 21:44 Uhr)

Alt 23.02.2012, 21:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
--> Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"

Alt 23.02.2012, 22:09   #7
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Dateien wurden jetzt mit WB gelöscht. Man wird aber über den google toolbar noch immer zu search.searchcompletion.com geleitet.

Alt 23.02.2012, 22:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Ja wir sind ja auch noch nicht durch hier

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.02.2012, 23:19   #9
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Nach einer Neuinstallation von firefox scheint der google toolbar nicht mehr falsch weiterzuleiten

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.02.2012 22:51:59 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Ich\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
16,00 Gb Total Physical Memory | 14,04 Gb Available Physical Memory | 87,78% Memory free
31,99 Gb Paging File | 29,93 Gb Available in Paging File | 93,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 162,56 Gb Total Space | 80,31 Gb Free Space | 49,40% Space Free | Partition Type: NTFS
Drive D: | 303,10 Gb Total Space | 234,81 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive E: | 1,81 Gb Total Space | 0,42 Gb Free Space | 23,22% Space Free | Partition Type: FAT
Drive G: | 14,44 Gb Total Space | 11,10 Gb Free Space | 76,84% Space Free | Partition Type: FAT32
Drive H: | 149,05 Gb Total Space | 11,73 Gb Free Space | 7,87% Space Free | Partition Type: NTFS
Drive X: | 4,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ICH-PC | User Name: Ich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.)
PRC - C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe ()
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files (x86)\KatMouse\KatMouse.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll ()
MOD - C:\Program Files (x86)\KatMouse\KatMouseH.dll ()
MOD - C:\Program Files (x86)\KatMouse\KatMouseS.dll ()
MOD - C:\Program Files (x86)\KatMouse\KatMouse.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (lxda_device) -- C:\Windows\SysNative\lxdacoms.exe ( )
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (WlanWpsSvc) -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe ()
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (lxda_device) -- C:\Windows\SysWow64\lxdacoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Dnetr7364) -- C:\Windows\SysNative\drivers\Dnetr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\drivers\anodlwfx.sys ()
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 DE B7 F4 19 9E CB 01  [binary data]
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.01.06 18:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.28 18:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.23 22:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.23 22:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Extensions
[2012.02.23 22:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ich\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Offline Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\
CHR - Extension: Skype Click to Call = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1000..\Run: [Spyware Doctor] D:\Lisa\Desktop\sdsetup_revwire207.exe -min File not found
O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82511DE8-2EE9-4F45-8480-992A63B24536}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skyline - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.28 21:37:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell - "" = AutoRun
O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell - "" = AutoRun
O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell - "" = AutoRun
O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^Ich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Ich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeBridge - hkey= - key= - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: chromium - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2E62F19C-0984-0365-7134-22A47B7514B3} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {577BCB9C-2179-1FC5-D3B2-830658F23AC1} - Browser Customizations
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8CFD4763-D3A5-B4DD-9936-6348479355BB} - Microsoft Windows Media Player
ActiveX:64bit: {8E7D4110-11DC-62BA-475E-9555AE18E7D7} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C794A32D-517E-2119-491F-EB6ADF47FA91} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CB2DB6CC-7369-191C-02D2-E08364ED1B80} - Offline Browsing Pack
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {015D4C68-9359-9217-83D6-24C5163B3758} - Microsoft Windows Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3B636EF0-80FA-6C09-8E75-B8FCCF457C1F} - Internet Explorer
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {971CB01D-12D1-C120-30C1-9BDD2B2DD1B7} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E60CD55A-2003-F72D-0E7E-68AED354BA3B} - Microsoft VM
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.23 22:30:23 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Mozilla
[2012.02.23 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.02.23 20:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.02.22 23:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.22 23:10:50 | 002,322,184 | ---- | C] (ESET) -- D:\Lisa\Desktop\esetsmartinstaller_enu.exe
[2012.02.22 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Malwarebytes
[2012.02.22 20:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.22 20:58:06 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.22 20:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.21 22:26:51 | 000,000,000 | ---D | C] -- D:\Lisa\Desktop\GrooveDown_Downloads
[2012.02.21 22:25:48 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Groovedown
[2012.02.20 13:29:07 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\ProgSense
[2012.02.20 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\GrabPro
[2012.02.20 13:29:00 | 000,000,000 | ---D | C] -- C:\downloads
[2012.02.20 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Orbit
[2012.02.14 19:28:07 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\OneNote-Notizbücher
[2012.02.14 19:08:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.02.14 18:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Local\Apps
[2012.02.13 23:46:45 | 000,000,000 | ---D | C] -- C:\Users\Ich\Calibre Bibliothek
[2012.02.13 23:46:44 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\calibre
[2012.02.13 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012.02.13 23:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012.02.13 23:34:09 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\Vuze Downloads
[2012.02.13 23:27:17 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Azureus
[2012.02.13 23:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2012.02.13 23:12:22 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\eBookConverter
[2012.02.13 23:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBookConverter
[2012.02.13 20:46:31 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\AdobeUM
[2012.02.13 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\GetRightToGo
[2012.02.13 12:37:53 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\My Digital Editions
[2012.02.13 12:35:17 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\E-Books
[2012.01.28 19:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.01.28 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Local\DDMSettings
[2012.01.28 18:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.01.28 18:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.01.28 11:03:18 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\RealNetworks
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.23 22:50:33 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 22:50:33 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 22:47:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.23 22:47:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.23 22:47:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.23 22:47:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.23 22:47:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.23 22:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.23 22:43:07 | 4292,239,358 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.23 22:30:17 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 20:55:03 | 001,857,954 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.02.23 19:18:08 | 000,001,615 | ---- | M] () -- D:\Lisa\Desktop\Digital Edition.lnk
[2012.02.23 18:34:40 | 000,230,196 | ---- | M] () -- D:\Lisa\Desktop\screenshot eset finish.jpg
[2012.02.22 23:10:55 | 002,322,184 | ---- | M] (ESET) -- D:\Lisa\Desktop\esetsmartinstaller_enu.exe
[2012.02.22 22:50:29 | 001,101,824 | ---- | M] () -- D:\Lisa\Desktop\Vorlage Blau A4hoch.indd
[2012.02.22 20:58:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.21 22:25:51 | 000,000,885 | ---- | M] () -- D:\Lisa\Desktop\Groovedown.lnk
[2012.02.16 10:37:08 | 003,023,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.14 20:56:56 | 000,001,358 | ---- | M] () -- C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.02.13 20:49:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Documents\AcRdS7_0_0.pnd
[2012.02.13 11:21:23 | 000,132,262 | ---- | M] () -- D:\Lisa\Desktop\Entspannung und Streß-Bewältigung.pdf
[2012.01.28 19:58:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.23 22:30:17 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.23 22:30:17 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.23 20:54:56 | 001,857,954 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.02.23 19:18:08 | 000,001,615 | ---- | C] () -- D:\Lisa\Desktop\Digital Edition.lnk
[2012.02.23 18:34:40 | 000,230,196 | ---- | C] () -- D:\Lisa\Desktop\screenshot eset finish.jpg
[2012.02.22 20:58:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.22 00:04:08 | 001,101,824 | ---- | C] () -- D:\Lisa\Desktop\Vorlage Blau A4hoch.indd
[2012.02.21 22:25:51 | 000,000,885 | ---- | C] () -- D:\Lisa\Desktop\Groovedown.lnk
[2012.02.14 20:56:56 | 000,001,358 | ---- | C] () -- C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.02.13 23:26:48 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012.02.13 20:49:32 | 000,001,153 | ---- | C] () -- C:\Users\Public\Documents\AcRdS7_0_0.pnd
[2012.02.13 11:21:23 | 000,132,262 | ---- | C] () -- D:\Lisa\Desktop\Entspannung und Streß-Bewältigung.pdf
[2011.08.11 18:04:31 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.07.01 14:01:16 | 000,006,144 | ---- | C] () -- C:\Users\Ich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.03 11:19:03 | 000,000,206 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.01.26 19:24:18 | 000,007,602 | ---- | C] () -- C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
[2011.01.11 20:11:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaserv.dll
[2011.01.11 20:11:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdausb1.dll
[2011.01.11 20:11:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdahbn3.dll
[2011.01.11 20:11:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacomc.dll
[2011.01.11 20:11:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdapmui.dll
[2011.01.11 20:11:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdalmpm.dll
[2011.01.11 20:11:31 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacoms.exe
[2011.01.11 20:11:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacomm.dll
[2011.01.11 20:11:31 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxdautil.dll
[2011.01.11 20:11:31 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdainpa.dll
[2011.01.11 20:11:31 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaiesc.dll
[2011.01.11 20:11:31 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaih.exe
[2011.01.11 20:11:31 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacfg.exe
[2011.01.11 20:11:31 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXDAinst.dll
[2011.01.11 20:11:31 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdappls.exe
[2011.01.11 20:11:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaprox.dll
[2011.01.11 20:11:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdapplc.dll
[2010.12.26 22:21:18 | 000,000,000 | ---- | C] () -- C:\Windows\plugin.ini
[2010.12.26 16:59:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.18 19:53:39 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
 
========== LOP Check ==========
 
[2011.05.25 22:11:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\.minecraft
[2010.12.28 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Autodesk
[2012.02.20 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Azureus
[2012.02.14 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\calibre
[2012.02.23 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Canon
[2010.12.26 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DAEMON Tools Lite
[2012.01.08 19:47:19 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoft
[2011.09.15 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.13 23:12:22 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\eBookConverter
[2012.02.13 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GetRightToGo
[2011.06.18 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\go
[2012.02.20 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GrabPro
[2012.02.21 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Groovedown
[2011.03.20 23:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\gtk-2.0
[2012.01.04 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\inkscape
[2012.01.06 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IrfanView
[2010.12.17 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\JAM Software
[2011.11.21 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Mael
[2011.11.21 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\NetMeter
[2012.01.23 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Notepad++
[2010.12.17 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\OpenOffice.org
[2010.12.17 20:12:10 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Opera
[2012.02.21 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Orbit
[2012.02.20 13:29:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\ProgSense
[2010.12.17 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Scribus
[2011.05.16 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Softplicity
[2011.06.15 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\XnView
[2012.01.27 16:39:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.25 22:11:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\.minecraft
[2012.02.13 13:22:15 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Adobe
[2012.02.13 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\AdobeUM
[2010.12.28 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Autodesk
[2012.02.20 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Azureus
[2012.02.14 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\calibre
[2012.02.23 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Canon
[2011.05.19 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\CyberLink
[2010.12.26 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DAEMON Tools Lite
[2011.03.31 17:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DivX
[2012.01.08 19:47:19 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoft
[2011.09.15 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.13 23:12:22 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\eBookConverter
[2012.02.13 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GetRightToGo
[2011.06.18 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\go
[2010.12.26 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Google
[2012.02.20 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GrabPro
[2012.02.21 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Groovedown
[2011.03.20 23:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\gtk-2.0
[2010.12.15 01:35:55 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Identities
[2012.01.04 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\inkscape
[2010.12.18 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\InstallShield
[2012.01.06 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IrfanView
[2010.12.17 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\JAM Software
[2010.12.17 20:19:13 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Macromedia
[2011.11.21 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Mael
[2012.02.22 20:58:14 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Media Center Programs
[2012.01.21 14:56:23 | 000,000,000 | --SD | M] -- C:\Users\Ich\AppData\Roaming\Microsoft
[2012.02.23 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Mozilla
[2011.11.21 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\NetMeter
[2012.01.23 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Notepad++
[2010.12.17 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\OpenOffice.org
[2010.12.17 20:12:10 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Opera
[2012.02.21 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Orbit
[2012.02.20 13:29:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\ProgSense
[2012.01.06 19:32:37 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Real
[2012.01.28 11:03:18 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\RealNetworks
[2010.12.17 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Scribus
[2012.02.23 22:51:48 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Skype
[2011.05.28 15:01:58 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\skypePM
[2011.05.16 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Softplicity
[2012.01.06 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\vlc
[2012.02.22 00:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Winamp
[2011.06.15 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2012.02.13 23:28:08 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Ich\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.02.21 22:25:49 | 000,903,168 | ---- | M] () -- C:\Users\Ich\AppData\Roaming\Groovedown\GrooveDown_Start.exe
[2008.05.29 07:03:08 | 000,037,176 | ---- | M] () -- C:\Users\Ich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.13 12:36:27 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2011.10.25 13:31:31 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.12.26 21:44:48 | 000,010,134 | R--- | M] () -- C:\Users\Ich\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.12.07 21:09:56 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\pnup0.exe
[2011.11.27 20:30:58 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe
[2011.12.14 16:38:14 | 026,922,432 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_data\RealPlayer.exe
[2011.11.28 10:08:55 | 000,713,472 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_exe\RealPlayer.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:9A870F8B
@Alternate Data Stream - 177 bytes -> C:\Users\Ich\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303032}
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
--- --- ---

Geändert von Soapace (23.02.2012 um 23:28 Uhr)

Alt 24.02.2012, 10:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Zitat:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.02.2012, 11:31   #11
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Ich sag mal nicht das ichs mach, aber rein theoretisch könnte es sein das es ansonsten für bestimmte sachen keine legale alternative gibt in europa. Aber ich werde ein auge darauf werfen.

Sollte der pc jetzt wieder sauber und sicher sein? Danke für die hilfe bis jetzt.

Alt 24.02.2012, 12:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 DE B7 F4 19 9E CB 01  [binary data]
IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1000..\Run: [Spyware Doctor] D:\Lisa\Desktop\sdsetup_revwire207.exe -min File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.28 21:37:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell - "" = AutoRun
O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell - "" = AutoRun
O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell - "" = AutoRun
O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell\AutoRun\command - "" = F:\Setup.exe
@Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:9A870F8B
@Alternate Data Stream - 177 bytes -> C:\Users\Ich\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303032}
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.02.2012, 13:41   #13
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Weisst du zufällig ob die "contribute.dll" datei von adobe wichtig ist?
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Program Files (x86)\Winload\prxtbWinl.dll moved successfully.
HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4017242201-520085593-3607815517-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files (x86)\Winload\prxtbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files (x86)\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files (x86)\Winload\prxtbWinl.dll not found.
Registry value HKEY_USERS\S-1-5-21-4017242201-520085593-3607815517-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Spyware Doctor deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4017242201-520085593-3607815517-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ not found.
File F:\Setup.exe not found.
ADS C:\ProgramData\Temp:9A870F8B deleted successfully.
ADS C:\Users\Ich\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303032} deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ich
->Temp folder emptied: 8317788 bytes
->Temporary Internet Files folder emptied: 1340749 bytes
->Java cache emptied: 563964 bytes
->FireFox cache emptied: 91211662 bytes
->Google Chrome cache emptied: 40851771 bytes
->Opera cache emptied: 208 bytes
->Flash cache emptied: 8275051 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 537520 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1116360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 145,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02242012_131954

Files\Folders moved on Reboot...
C:\Users\Ich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 24.02.2012, 15:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.02.2012, 16:55   #15
Soapace
 
Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Standard

Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"



Code:
ATTFilter
17:10:11.0724 4608	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
17:10:11.0818 4608	============================================================
17:10:11.0818 4608	Current date / time: 2012/02/24 17:10:11.0818
17:10:11.0818 4608	SystemInfo:
17:10:11.0818 4608	
17:10:11.0818 4608	OS Version: 6.1.7601 ServicePack: 1.0
17:10:11.0818 4608	Product type: Workstation
17:10:11.0818 4608	ComputerName: ICH-PC
17:10:11.0818 4608	UserName: Ich
17:10:11.0818 4608	Windows directory: C:\Windows
17:10:11.0818 4608	System windows directory: C:\Windows
17:10:11.0818 4608	Running under WOW64
17:10:11.0818 4608	Processor architecture: Intel x64
17:10:11.0818 4608	Number of processors: 4
17:10:11.0818 4608	Page size: 0x1000
17:10:11.0818 4608	Boot type: Normal boot
17:10:11.0818 4608	============================================================
17:10:12.0832 4608	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:10:12.0832 4608	Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:10:16.0529 4608	\Device\Harddisk0\DR0:
17:10:16.0545 4608	MBR used
17:10:16.0545 4608	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:10:16.0545 4608	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1451E000
17:10:16.0545 4608	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14550800, BlocksNum 0x25E34800
17:10:16.0545 4608	\Device\Harddisk1\DR1:
17:10:16.0545 4608	MBR used
17:10:16.0545 4608	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
17:10:16.0654 4608	Initialize success
17:10:16.0654 4608	============================================================
17:11:15.0481 5096	============================================================
17:11:15.0481 5096	Scan started
17:11:15.0481 5096	Mode: Manual; SigCheck; TDLFS; 
17:11:15.0481 5096	============================================================
17:11:16.0074 5096	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:11:16.0183 5096	1394ohci - ok
17:11:16.0215 5096	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:11:16.0246 5096	ACPI - ok
17:11:16.0293 5096	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:11:16.0324 5096	AcpiPmi - ok
17:11:16.0371 5096	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
17:11:16.0417 5096	adfs - ok
17:11:16.0449 5096	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:11:16.0464 5096	adp94xx - ok
17:11:16.0480 5096	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:11:16.0480 5096	adpahci - ok
17:11:16.0511 5096	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:11:16.0542 5096	adpu320 - ok
17:11:16.0589 5096	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:11:16.0636 5096	AFD - ok
17:11:16.0683 5096	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:11:16.0714 5096	agp440 - ok
17:11:16.0745 5096	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:11:16.0761 5096	aliide - ok
17:11:16.0792 5096	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:11:16.0807 5096	amdide - ok
17:11:16.0839 5096	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:11:16.0870 5096	AmdK8 - ok
17:11:16.0870 5096	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:11:16.0901 5096	AmdPPM - ok
17:11:16.0932 5096	amdsata         (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
17:11:16.0963 5096	amdsata - ok
17:11:16.0979 5096	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:11:16.0995 5096	amdsbs - ok
17:11:17.0026 5096	amdxata         (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
17:11:17.0026 5096	amdxata - ok
17:11:17.0057 5096	anodlwf         (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys
17:11:17.0088 5096	anodlwf - ok
17:11:17.0151 5096	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:11:17.0213 5096	AppID - ok
17:11:17.0244 5096	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:11:17.0260 5096	arc - ok
17:11:17.0275 5096	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:11:17.0291 5096	arcsas - ok
17:11:17.0307 5096	aswFsBlk        (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
17:11:17.0322 5096	aswFsBlk - ok
17:11:17.0369 5096	aswFW           (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys
17:11:17.0385 5096	aswFW - ok
17:11:17.0431 5096	aswKbd          (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys
17:11:17.0447 5096	aswKbd - ok
17:11:17.0494 5096	aswMonFlt       (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
17:11:17.0509 5096	aswMonFlt - ok
17:11:17.0556 5096	aswNdis         (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
17:11:17.0556 5096	aswNdis - ok
17:11:17.0587 5096	aswNdis2        (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys
17:11:17.0603 5096	aswNdis2 - ok
17:11:17.0619 5096	aswRdr          (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
17:11:17.0634 5096	aswRdr - ok
17:11:17.0728 5096	aswSnx          (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
17:11:17.0759 5096	aswSnx - ok
17:11:17.0790 5096	aswSP           (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
17:11:17.0806 5096	aswSP - ok
17:11:17.0837 5096	aswTdi          (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
17:11:17.0837 5096	aswTdi - ok
17:11:17.0868 5096	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:11:17.0993 5096	AsyncMac - ok
17:11:18.0009 5096	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:11:18.0040 5096	atapi - ok
17:11:18.0071 5096	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:11:18.0071 5096	AtiPcie - ok
17:11:18.0149 5096	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:11:18.0180 5096	b06bdrv - ok
17:11:18.0211 5096	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:11:18.0243 5096	b57nd60a - ok
17:11:18.0274 5096	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:11:18.0321 5096	Beep - ok
17:11:18.0352 5096	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:11:18.0367 5096	blbdrive - ok
17:11:18.0399 5096	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:11:18.0445 5096	bowser - ok
17:11:18.0461 5096	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:11:18.0508 5096	BrFiltLo - ok
17:11:18.0523 5096	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:11:18.0555 5096	BrFiltUp - ok
17:11:18.0570 5096	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:11:18.0601 5096	Brserid - ok
17:11:18.0617 5096	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:11:18.0648 5096	BrSerWdm - ok
17:11:18.0679 5096	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:11:18.0726 5096	BrUsbMdm - ok
17:11:18.0726 5096	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:11:18.0757 5096	BrUsbSer - ok
17:11:18.0789 5096	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:11:18.0820 5096	BTHMODEM - ok
17:11:18.0867 5096	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:11:18.0913 5096	cdfs - ok
17:11:18.0960 5096	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:11:19.0007 5096	cdrom - ok
17:11:19.0054 5096	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:11:19.0101 5096	circlass - ok
17:11:19.0132 5096	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:11:19.0147 5096	CLFS - ok
17:11:19.0194 5096	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:11:19.0241 5096	CmBatt - ok
17:11:19.0272 5096	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:11:19.0272 5096	cmdide - ok
17:11:19.0319 5096	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:11:19.0350 5096	CNG - ok
17:11:19.0381 5096	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:11:19.0381 5096	Compbatt - ok
17:11:19.0413 5096	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:11:19.0444 5096	CompositeBus - ok
17:11:19.0475 5096	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:11:19.0491 5096	crcdisk - ok
17:11:19.0537 5096	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:11:19.0584 5096	CSC - ok
17:11:19.0631 5096	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:11:19.0678 5096	DfsC - ok
17:11:19.0709 5096	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:11:19.0725 5096	discache - ok
17:11:19.0756 5096	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:11:19.0771 5096	Disk - ok
17:11:19.0818 5096	Dnetr7364       (93a240fd4c133d1ed7ccf829159c4b78) C:\Windows\system32\DRIVERS\Dnetr7364.sys
17:11:19.0865 5096	Dnetr7364 - ok
17:11:19.0927 5096	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:11:19.0959 5096	drmkaud - ok
17:11:20.0005 5096	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:11:20.0037 5096	DXGKrnl - ok
17:11:20.0115 5096	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:11:20.0224 5096	ebdrv - ok
17:11:20.0286 5096	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:11:20.0333 5096	elxstor - ok
17:11:20.0349 5096	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:11:20.0380 5096	ErrDev - ok
17:11:20.0395 5096	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:11:20.0427 5096	exfat - ok
17:11:20.0551 5096	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:11:20.0629 5096	fastfat - ok
17:11:20.0645 5096	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:11:20.0676 5096	fdc - ok
17:11:20.0692 5096	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:11:20.0707 5096	FileInfo - ok
17:11:20.0707 5096	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:11:20.0739 5096	Filetrace - ok
17:11:20.0848 5096	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:11:20.0879 5096	flpydisk - ok
17:11:20.0910 5096	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:11:20.0926 5096	FltMgr - ok
17:11:20.0941 5096	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:11:20.0957 5096	FsDepends - ok
17:11:20.0973 5096	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:11:20.0988 5096	Fs_Rec - ok
17:11:21.0004 5096	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:11:21.0051 5096	fvevol - ok
17:11:21.0066 5096	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:11:21.0097 5096	gagp30kx - ok
17:11:21.0113 5096	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:11:21.0144 5096	hcw85cir - ok
17:11:21.0191 5096	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:11:21.0207 5096	HdAudAddService - ok
17:11:21.0253 5096	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:11:21.0285 5096	HDAudBus - ok
17:11:21.0300 5096	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:11:21.0316 5096	HidBatt - ok
17:11:21.0331 5096	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:11:21.0363 5096	HidBth - ok
17:11:21.0378 5096	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:11:21.0394 5096	HidIr - ok
17:11:21.0456 5096	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:11:21.0503 5096	HidUsb - ok
17:11:21.0519 5096	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:11:21.0534 5096	HpSAMD - ok
17:11:21.0581 5096	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:11:21.0628 5096	HTTP - ok
17:11:21.0659 5096	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:11:21.0675 5096	hwpolicy - ok
17:11:21.0675 5096	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:11:21.0690 5096	i8042prt - ok
17:11:21.0737 5096	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:11:21.0737 5096	iaStorV - ok
17:11:21.0768 5096	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:11:21.0784 5096	iirsp - ok
17:11:21.0893 5096	IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
17:11:21.0971 5096	IntcAzAudAddService - ok
17:11:22.0002 5096	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:11:22.0018 5096	intelide - ok
17:11:22.0049 5096	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:11:22.0096 5096	intelppm - ok
17:11:22.0127 5096	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:11:22.0189 5096	IpFilterDriver - ok
17:11:22.0221 5096	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:11:22.0221 5096	IPMIDRV - ok
17:11:22.0267 5096	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:11:22.0330 5096	IPNAT - ok
17:11:22.0361 5096	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:11:22.0377 5096	IRENUM - ok
17:11:22.0408 5096	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:11:22.0423 5096	isapnp - ok
17:11:22.0470 5096	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:11:22.0501 5096	iScsiPrt - ok
17:11:22.0517 5096	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:11:22.0533 5096	kbdclass - ok
17:11:22.0595 5096	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:11:22.0626 5096	kbdhid - ok
17:11:22.0657 5096	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:11:22.0673 5096	KSecDD - ok
17:11:22.0689 5096	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:11:22.0704 5096	KSecPkg - ok
17:11:22.0735 5096	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:11:22.0813 5096	ksthunk - ok
17:11:22.0876 5096	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:11:22.0938 5096	lltdio - ok
17:11:22.0954 5096	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:11:22.0969 5096	LSI_FC - ok
17:11:22.0985 5096	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:11:22.0985 5096	LSI_SAS - ok
17:11:23.0001 5096	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:11:23.0016 5096	LSI_SAS2 - ok
17:11:23.0047 5096	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:11:23.0047 5096	LSI_SCSI - ok
17:11:23.0079 5096	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:11:23.0094 5096	luafv - ok
17:11:23.0172 5096	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:11:23.0188 5096	MBAMProtector - ok
17:11:23.0219 5096	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:11:23.0250 5096	megasas - ok
17:11:23.0266 5096	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:11:23.0281 5096	MegaSR - ok
17:11:23.0313 5096	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:11:23.0359 5096	Modem - ok
17:11:23.0375 5096	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:11:23.0391 5096	monitor - ok
17:11:23.0437 5096	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:11:23.0437 5096	mouclass - ok
17:11:23.0453 5096	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:11:23.0469 5096	mouhid - ok
17:11:23.0500 5096	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:11:23.0515 5096	mountmgr - ok
17:11:23.0547 5096	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:11:23.0562 5096	mpio - ok
17:11:23.0593 5096	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:11:23.0640 5096	mpsdrv - ok
17:11:23.0671 5096	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:11:23.0687 5096	MRxDAV - ok
17:11:23.0703 5096	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:11:23.0749 5096	mrxsmb - ok
17:11:23.0796 5096	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:11:23.0843 5096	mrxsmb10 - ok
17:11:23.0890 5096	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:11:23.0921 5096	mrxsmb20 - ok
17:11:23.0952 5096	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:11:23.0968 5096	msahci - ok
17:11:23.0983 5096	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:11:23.0999 5096	msdsm - ok
17:11:24.0030 5096	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:11:24.0061 5096	Msfs - ok
17:11:24.0077 5096	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:11:24.0108 5096	mshidkmdf - ok
17:11:24.0139 5096	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:11:24.0171 5096	msisadrv - ok
17:11:24.0186 5096	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:11:24.0249 5096	MSKSSRV - ok
17:11:24.0280 5096	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:11:24.0342 5096	MSPCLOCK - ok
17:11:24.0342 5096	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:11:24.0389 5096	MSPQM - ok
17:11:24.0420 5096	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:11:24.0451 5096	MsRPC - ok
17:11:24.0483 5096	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:11:24.0498 5096	mssmbios - ok
17:11:24.0529 5096	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:11:24.0561 5096	MSTEE - ok
17:11:24.0576 5096	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:11:24.0576 5096	MTConfig - ok
17:11:24.0607 5096	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:11:24.0607 5096	Mup - ok
17:11:24.0654 5096	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:11:24.0701 5096	NativeWifiP - ok
17:11:24.0732 5096	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:11:24.0763 5096	NDIS - ok
17:11:24.0779 5096	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:11:24.0810 5096	NdisCap - ok
17:11:24.0826 5096	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:11:24.0873 5096	NdisTapi - ok
17:11:24.0904 5096	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:11:24.0966 5096	Ndisuio - ok
17:11:24.0997 5096	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:11:25.0060 5096	NdisWan - ok
17:11:25.0091 5096	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:11:25.0153 5096	NDProxy - ok
17:11:25.0185 5096	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:11:25.0247 5096	NetBIOS - ok
17:11:25.0278 5096	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:11:25.0341 5096	NetBT - ok
17:11:25.0387 5096	netr7364        (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
17:11:25.0419 5096	netr7364 - ok
17:11:25.0450 5096	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:11:25.0450 5096	nfrd960 - ok
17:11:25.0481 5096	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:11:25.0543 5096	Npfs - ok
17:11:25.0559 5096	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:11:25.0590 5096	nsiproxy - ok
17:11:25.0637 5096	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:11:25.0684 5096	Ntfs - ok
17:11:25.0699 5096	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:11:25.0731 5096	Null - ok
17:11:25.0746 5096	nusb3hub        (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:11:25.0762 5096	nusb3hub - ok
17:11:25.0793 5096	nusb3xhc        (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:11:25.0840 5096	nusb3xhc - ok
17:11:26.0089 5096	nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:11:26.0370 5096	nvlddmkm - ok
17:11:26.0417 5096	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:11:26.0417 5096	nvraid - ok
17:11:26.0448 5096	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:11:26.0464 5096	nvstor - ok
17:11:26.0526 5096	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:11:26.0557 5096	nv_agp - ok
17:11:26.0589 5096	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:11:26.0635 5096	ohci1394 - ok
17:11:26.0667 5096	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:11:26.0682 5096	Parport - ok
17:11:26.0729 5096	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:11:26.0745 5096	partmgr - ok
17:11:26.0791 5096	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:11:26.0807 5096	pci - ok
17:11:26.0838 5096	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:11:26.0838 5096	pciide - ok
17:11:26.0869 5096	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:11:26.0885 5096	pcmcia - ok
17:11:26.0901 5096	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:11:26.0916 5096	pcw - ok
17:11:26.0932 5096	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:11:26.0994 5096	PEAUTH - ok
17:11:27.0072 5096	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:11:27.0135 5096	PptpMiniport - ok
17:11:27.0150 5096	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:11:27.0181 5096	Processor - ok
17:11:27.0197 5096	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:11:27.0244 5096	Psched - ok
17:11:27.0275 5096	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:11:27.0275 5096	PxHlpa64 - ok
17:11:27.0322 5096	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:11:27.0400 5096	ql2300 - ok
17:11:27.0415 5096	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:11:27.0431 5096	ql40xx - ok
17:11:27.0447 5096	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:11:27.0478 5096	QWAVEdrv - ok
17:11:27.0493 5096	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:11:27.0525 5096	RasAcd - ok
17:11:27.0556 5096	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:11:27.0571 5096	RasAgileVpn - ok
17:11:27.0618 5096	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:11:27.0649 5096	Rasl2tp - ok
17:11:27.0665 5096	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:11:27.0696 5096	RasPppoe - ok
17:11:27.0712 5096	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:11:27.0743 5096	RasSstp - ok
17:11:27.0774 5096	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:11:27.0805 5096	rdbss - ok
17:11:27.0821 5096	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:11:27.0821 5096	rdpbus - ok
17:11:27.0837 5096	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:11:27.0868 5096	RDPCDD - ok
17:11:27.0915 5096	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:11:27.0930 5096	RDPDR - ok
17:11:27.0930 5096	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:11:27.0977 5096	RDPENCDD - ok
17:11:27.0993 5096	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:11:28.0024 5096	RDPREFMP - ok
17:11:28.0055 5096	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:11:28.0071 5096	RDPWD - ok
17:11:28.0117 5096	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:11:28.0133 5096	rdyboost - ok
17:11:28.0164 5096	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:11:28.0195 5096	rspndr - ok
17:11:28.0227 5096	RTL8167         (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:11:28.0242 5096	RTL8167 - ok
17:11:28.0289 5096	RTL8192su       (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
17:11:28.0320 5096	RTL8192su - ok
17:11:28.0351 5096	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:11:28.0398 5096	s3cap - ok
17:11:28.0429 5096	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:11:28.0429 5096	sbp2port - ok
17:11:28.0476 5096	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:11:28.0523 5096	scfilter - ok
17:11:28.0554 5096	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:11:28.0585 5096	secdrv - ok
17:11:28.0617 5096	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:11:28.0617 5096	Serenum - ok
17:11:28.0632 5096	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:11:28.0663 5096	Serial - ok
17:11:28.0679 5096	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:11:28.0695 5096	sermouse - ok
17:11:28.0726 5096	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:11:28.0741 5096	sffdisk - ok
17:11:28.0757 5096	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:11:28.0773 5096	sffp_mmc - ok
17:11:28.0788 5096	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:11:28.0804 5096	sffp_sd - ok
17:11:28.0835 5096	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:11:28.0866 5096	sfloppy - ok
17:11:28.0897 5096	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:11:28.0913 5096	SiSRaid2 - ok
17:11:28.0929 5096	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:11:28.0944 5096	SiSRaid4 - ok
17:11:28.0960 5096	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:11:29.0007 5096	Smb - ok
17:11:29.0069 5096	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:11:29.0085 5096	spldr - ok
17:11:29.0163 5096	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
17:11:29.0163 5096	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
17:11:29.0178 5096	sptd ( LockedFile.Multi.Generic ) - warning
17:11:29.0178 5096	sptd - detected LockedFile.Multi.Generic (1)
17:11:29.0209 5096	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:11:29.0256 5096	srv - ok
17:11:29.0272 5096	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:11:29.0303 5096	srv2 - ok
17:11:29.0319 5096	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:11:29.0334 5096	srvnet - ok
17:11:29.0397 5096	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:11:29.0397 5096	stexstor - ok
17:11:29.0443 5096	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:11:29.0459 5096	storflt - ok
17:11:29.0490 5096	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:11:29.0506 5096	storvsc - ok
17:11:29.0521 5096	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:11:29.0521 5096	swenum - ok
17:11:29.0631 5096	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:11:29.0709 5096	Tcpip - ok
17:11:29.0787 5096	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:11:29.0818 5096	TCPIP6 - ok
17:11:29.0880 5096	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:11:29.0927 5096	tcpipreg - ok
17:11:29.0958 5096	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:11:30.0036 5096	TDPIPE - ok
17:11:30.0052 5096	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:11:30.0083 5096	TDTCP - ok
17:11:30.0114 5096	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:11:30.0145 5096	tdx - ok
17:11:30.0177 5096	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:11:30.0208 5096	TermDD - ok
17:11:30.0255 5096	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:11:30.0286 5096	tssecsrv - ok
17:11:30.0364 5096	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:11:30.0411 5096	TsUsbFlt - ok
17:11:30.0535 5096	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
17:11:30.0567 5096	TuneUpUtilitiesDrv - ok
17:11:30.0645 5096	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:11:30.0707 5096	tunnel - ok
17:11:30.0723 5096	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:11:30.0738 5096	uagp35 - ok
17:11:30.0769 5096	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:11:30.0832 5096	udfs - ok
17:11:30.0863 5096	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:11:30.0879 5096	uliagpkx - ok
17:11:30.0910 5096	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:11:30.0941 5096	umbus - ok
17:11:30.0988 5096	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:11:31.0035 5096	UmPass - ok
17:11:31.0066 5096	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:11:31.0113 5096	usbccgp - ok
17:11:31.0144 5096	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:11:31.0159 5096	usbcir - ok
17:11:31.0191 5096	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:11:31.0222 5096	usbehci - ok
17:11:31.0253 5096	usbfilter       (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
17:11:31.0253 5096	usbfilter - ok
17:11:31.0300 5096	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:11:31.0315 5096	usbhub - ok
17:11:31.0331 5096	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:11:31.0347 5096	usbohci - ok
17:11:31.0378 5096	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:11:31.0393 5096	usbprint - ok
17:11:31.0425 5096	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:11:31.0440 5096	usbscan - ok
17:11:31.0456 5096	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:11:31.0487 5096	USBSTOR - ok
17:11:31.0503 5096	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:11:31.0534 5096	usbuhci - ok
17:11:31.0581 5096	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:11:31.0596 5096	vdrvroot - ok
17:11:31.0612 5096	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:11:31.0643 5096	vga - ok
17:11:31.0643 5096	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:11:31.0690 5096	VgaSave - ok
17:11:31.0721 5096	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:11:31.0721 5096	vhdmp - ok
17:11:31.0752 5096	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:11:31.0752 5096	viaide - ok
17:11:31.0768 5096	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:11:31.0783 5096	vmbus - ok
17:11:31.0799 5096	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:11:31.0815 5096	VMBusHID - ok
17:11:31.0846 5096	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:11:31.0846 5096	volmgr - ok
17:11:31.0893 5096	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:11:31.0924 5096	volmgrx - ok
17:11:31.0939 5096	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:11:31.0955 5096	volsnap - ok
17:11:31.0986 5096	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:11:32.0002 5096	vsmraid - ok
17:11:32.0017 5096	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:11:32.0049 5096	vwifibus - ok
17:11:32.0064 5096	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:11:32.0095 5096	vwififlt - ok
17:11:32.0127 5096	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:11:32.0142 5096	vwifimp - ok
17:11:32.0173 5096	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:11:32.0189 5096	WacomPen - ok
17:11:32.0236 5096	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:32.0298 5096	WANARP - ok
17:11:32.0298 5096	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:11:32.0329 5096	Wanarpv6 - ok
17:11:32.0376 5096	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:11:32.0392 5096	Wd - ok
17:11:32.0407 5096	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:11:32.0423 5096	Wdf01000 - ok
17:11:32.0454 5096	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:11:32.0485 5096	WfpLwf - ok
17:11:32.0501 5096	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:11:32.0501 5096	WIMMount - ok
17:11:32.0579 5096	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:11:32.0626 5096	WinUsb - ok
17:11:32.0673 5096	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:11:32.0673 5096	WmiAcpi - ok
17:11:32.0704 5096	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:11:32.0735 5096	ws2ifsl - ok
17:11:32.0782 5096	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:11:32.0844 5096	WudfPf - ok
17:11:32.0875 5096	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:11:32.0922 5096	WUDFRd - ok
17:11:32.0969 5096	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:11:33.0094 5096	\Device\Harddisk0\DR0 - ok
17:11:33.0390 5096	MBR (0x1B8)     (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk1\DR1
17:11:33.0546 5096	\Device\Harddisk1\DR1 - ok
17:11:33.0546 5096	Boot (0x1200)   (6728e7ea117cfa39a184a6d1e3192234) \Device\Harddisk0\DR0\Partition0
17:11:33.0546 5096	\Device\Harddisk0\DR0\Partition0 - ok
17:11:33.0593 5096	Boot (0x1200)   (7d1fdaf3e3a72ed63570af9cd1b89854) \Device\Harddisk0\DR0\Partition1
17:11:33.0593 5096	\Device\Harddisk0\DR0\Partition1 - ok
17:11:33.0609 5096	Boot (0x1200)   (7b5917fe538b0d448bdf60582a45b037) \Device\Harddisk0\DR0\Partition2
17:11:33.0609 5096	\Device\Harddisk0\DR0\Partition2 - ok
17:11:33.0609 5096	Boot (0x1200)   (7e6ec36231fd2dcbb204d1f84237ff43) \Device\Harddisk1\DR1\Partition0
17:11:33.0624 5096	\Device\Harddisk1\DR1\Partition0 - ok
17:11:33.0624 5096	============================================================
17:11:33.0624 5096	Scan finished
17:11:33.0624 5096	============================================================
17:11:33.0624 3672	Detected object count: 1
17:11:33.0624 3672	Actual detected object count: 1
17:16:42.0595 3672	sptd ( LockedFile.Multi.Generic ) - skipped by user
17:16:42.0595 3672	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
17:17:52.0936 2432	Deinitialize success
         

Geändert von Soapace (24.02.2012 um 17:19 Uhr)

Antwort

Themen zu Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"
.com, administrator, anti-malware, automatisch, autostart, code, computer, dateien, dateisystem, explorer, firefox, gelöscht, google, heuristiks/extra, heuristiks/shuriken, infizierte, infizierte dateien, malwarebytes, microsoft, pup.vshareredir, redirect, seite, software, speicher, test, virus, windows



Ähnliche Themen: Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"


  1. Fehlerhinweis "Ungültiges Bild" unter WINDOWS 7: "C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL" +
    Log-Analyse und Auswertung - 19.04.2015 (9)
  2. LogFile MalwareBytes, Problem: "Search Assistant"
    Log-Analyse und Auswertung - 17.02.2014 (11)
  3. Malwarebytes bereibigt "PUP.Optional.xxx.A", aber AdwCleaner findet noch was in der Registry
    Log-Analyse und Auswertung - 14.10.2013 (13)
  4. Malwarebytes findet 2 Infektionen "PUP.optional"
    Log-Analyse und Auswertung - 19.09.2013 (3)
  5. ESET findet "multiple threats" trotz grünem Licht von MalwareBytes, AdwCleaner und JRT
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (11)
  6. "PUP.VShareRedir" Meldungen bei Malewarebytes!
    Plagegeister aller Art und deren Bekämpfung - 18.05.2013 (5)
  7. Malwarebytes findet 18 infizierte Dateien: Pup.VShareRedir - was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2013 (10)
  8. "Redirect-Virus" unter Windows 8 / "document has moved redirecting..."
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (11)
  9. Malwarebytes findet "Trojan.Agent" - dieser ist aber nach löschen jedesmal wieder da
    Plagegeister aller Art und deren Bekämpfung - 01.01.2013 (14)
  10. MalwareBytes findet "PUP.VShareRedir"
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (3)
  11. Malwarebytes "blockt" immer einer chinesische IP ... Ausgehend .. findet aber nix ..
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (10)
  12. Langsame Internetverbindung, MalwareBytes liefert "pup.vshareredir"
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (17)
  13. malwarebytes findet 42 "PUP.Blabblers" Viren beim Vollscan
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (1)
  14. Mit BKA-Trojaner infiziert. Malwarebytes hat "PUP.VShareRedir" gefunden.
    Log-Analyse und Auswertung - 08.03.2012 (11)
  15. Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!
    Log-Analyse und Auswertung - 09.01.2012 (17)
  16. Malwarebytes Antimalware findet "Trojan.Agent", MBAM/OTL Logs mit dabei
    Log-Analyse und Auswertung - 24.06.2011 (1)
  17. Malwarebytes findet "tyrdwirh.sys" und kann diese nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 25.01.2010 (1)

Zum Thema Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" - Wenn man bei firefox im toolbar integrieten google search was sucht wird man automatisch zu search.searchcompletion.com geleitet. Laut google ist die seite auch mit einem virus verbunden das heimlich auf - Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"...
Archiv
Du betrachtest: Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.