|
Log-Analyse und Auswertung: Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
22.02.2012, 21:44 | #1 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Wenn man bei firefox im toolbar integrieten google search was sucht wird man automatisch zu search.searchcompletion.com geleitet. Laut google ist die seite auch mit einem virus verbunden das heimlich auf dem computer installiert wird. Malwarebytes hat zwei infizierte dateien ausgespuckt: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Die aktuelle log datei lautet: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.22.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ich :: ICH-PC [Administrator] Schutz: Aktiviert 22.02.2012 21:04:10 mbam-log-2012-02-22 (21-08-06).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200755 Laufzeit: 1 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
22.02.2012, 22:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
23.02.2012, 18:39 | #3 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Scan hat ca 19 stunden gedauert aber nichts gefunden.
__________________Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3bb0987299cd0c4fa5d247603db6a5ab # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-23 05:25:41 # local_time=2012-02-23 06:25:41 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=768 16777215 100 0 37250267 37250267 0 0 # compatibility_mode=5893 16776574 100 94 86029 81579875 0 0 # compatibility_mode=8192 67108863 100 0 4602 4602 0 0 # scanned=709890 # found=0 # cleaned=0 # scan_time=67916 |
23.02.2012, 20:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Was ist mit dem Vollscan mit Malwarebytes?
__________________ Logfiles bitte immer in CODE-Tags posten |
23.02.2012, 21:30 | #5 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Sind die infizierten windows datei wichtig fürs system? Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.22.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ich :: ICH-PC [Administrator] Schutz: Aktiviert 22.02.2012 21:09:14 mbam-log-2012-02-22 (22-16-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 575651 Laufzeit: 53 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Geändert von Soapace (23.02.2012 um 21:44 Uhr) |
23.02.2012, 21:50 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"Zitat:
__________________ --> Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" |
23.02.2012, 22:09 | #7 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Dateien wurden jetzt mit WB gelöscht. Man wird aber über den google toolbar noch immer zu search.searchcompletion.com geleitet. |
23.02.2012, 22:16 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Ja wir sind ja auch noch nicht durch hier Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
23.02.2012, 23:19 | #9 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Nach einer Neuinstallation von firefox scheint der google toolbar nicht mehr falsch weiterzuleiten OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.02.2012 22:51:59 - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Ich\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 16,00 Gb Total Physical Memory | 14,04 Gb Available Physical Memory | 87,78% Memory free 31,99 Gb Paging File | 29,93 Gb Available in Paging File | 93,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 162,56 Gb Total Space | 80,31 Gb Free Space | 49,40% Space Free | Partition Type: NTFS Drive D: | 303,10 Gb Total Space | 234,81 Gb Free Space | 77,47% Space Free | Partition Type: NTFS Drive E: | 1,81 Gb Total Space | 0,42 Gb Free Space | 23,22% Space Free | Partition Type: FAT Drive G: | 14,44 Gb Total Space | 11,10 Gb Free Space | 76,84% Space Free | Partition Type: FAT32 Drive H: | 149,05 Gb Total Space | 11,73 Gb Free Space | 7,87% Space Free | Partition Type: NTFS Drive X: | 4,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ICH-PC | User Name: Ich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ich\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\afwServ.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.) PRC - C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe () PRC - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe () PRC - C:\Program Files (x86)\KatMouse\KatMouse.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll () MOD - C:\Program Files (x86)\KatMouse\KatMouseH.dll () MOD - C:\Program Files (x86)\KatMouse\KatMouseS.dll () MOD - C:\Program Files (x86)\KatMouse\KatMouse.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (lxda_device) -- C:\Windows\SysNative\lxdacoms.exe ( ) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (WlanWpsSvc) -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe () SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe () SRV - (lxda_device) -- C:\Windows\SysWow64\lxdacoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Dnetr7364) -- C:\Windows\SysNative\drivers\Dnetr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\drivers\anodlwfx.sys () DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 DE B7 F4 19 9E CB 01 [binary data] IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.01.06 18:44:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.28 18:57:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.23 22:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.23 22:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ich\AppData\Roaming\mozilla\Extensions [2012.02.23 22:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ich\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Offline Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\ CHR - Extension: Skype Click to Call = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1000..\Run: [Spyware Doctor] D:\Lisa\Desktop\sdsetup_revwire207.exe -min File not found O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82511DE8-2EE9-4F45-8480-992A63B24536}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skyline - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.28 21:37:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell - "" = AutoRun O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell - "" = AutoRun O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell - "" = AutoRun O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell\AutoRun\command - "" = F:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Ich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Ich^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeBridge - hkey= - key= - C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: chromium - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2E62F19C-0984-0365-7134-22A47B7514B3} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {577BCB9C-2179-1FC5-D3B2-830658F23AC1} - Browser Customizations ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {8CFD4763-D3A5-B4DD-9936-6348479355BB} - Microsoft Windows Media Player ActiveX:64bit: {8E7D4110-11DC-62BA-475E-9555AE18E7D7} - Browser Customizations ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C794A32D-517E-2119-491F-EB6ADF47FA91} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CB2DB6CC-7369-191C-02D2-E08364ED1B80} - Offline Browsing Pack ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {015D4C68-9359-9217-83D6-24C5163B3758} - Microsoft Windows Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3B636EF0-80FA-6C09-8E75-B8FCCF457C1F} - Internet Explorer ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {971CB01D-12D1-C120-30C1-9BDD2B2DD1B7} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E60CD55A-2003-F72D-0E7E-68AED354BA3B} - Microsoft VM ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.23 22:30:23 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Mozilla [2012.02.23 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.02.23 20:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.02.22 23:17:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.22 23:10:50 | 002,322,184 | ---- | C] (ESET) -- D:\Lisa\Desktop\esetsmartinstaller_enu.exe [2012.02.22 20:58:14 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Malwarebytes [2012.02.22 20:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.22 20:58:06 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.22 20:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.21 22:26:51 | 000,000,000 | ---D | C] -- D:\Lisa\Desktop\GrooveDown_Downloads [2012.02.21 22:25:48 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Groovedown [2012.02.20 13:29:07 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\ProgSense [2012.02.20 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\GrabPro [2012.02.20 13:29:00 | 000,000,000 | ---D | C] -- C:\downloads [2012.02.20 13:28:58 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Orbit [2012.02.14 19:28:07 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\OneNote-Notizbücher [2012.02.14 19:08:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.02.14 18:09:22 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Local\Apps [2012.02.13 23:46:45 | 000,000,000 | ---D | C] -- C:\Users\Ich\Calibre Bibliothek [2012.02.13 23:46:44 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\calibre [2012.02.13 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2 [2012.02.13 23:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2012.02.13 23:34:09 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\Vuze Downloads [2012.02.13 23:27:17 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\Azureus [2012.02.13 23:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze [2012.02.13 23:12:22 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\eBookConverter [2012.02.13 23:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBookConverter [2012.02.13 20:46:31 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\AdobeUM [2012.02.13 20:38:09 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\GetRightToGo [2012.02.13 12:37:53 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\My Digital Editions [2012.02.13 12:35:17 | 000,000,000 | ---D | C] -- D:\Lisa\Eigene Dokumente\E-Books [2012.01.28 19:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.01.28 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Local\DDMSettings [2012.01.28 18:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2012.01.28 18:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2012.01.28 11:03:18 | 000,000,000 | ---D | C] -- C:\Users\Ich\AppData\Roaming\RealNetworks [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.23 22:50:33 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.23 22:50:33 | 000,015,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.23 22:47:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.23 22:47:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.23 22:47:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.23 22:47:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.23 22:47:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.23 22:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.23 22:43:07 | 4292,239,358 | -HS- | M] () -- C:\hiberfil.sys [2012.02.23 22:30:17 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.23 20:55:03 | 001,857,954 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.02.23 19:18:08 | 000,001,615 | ---- | M] () -- D:\Lisa\Desktop\Digital Edition.lnk [2012.02.23 18:34:40 | 000,230,196 | ---- | M] () -- D:\Lisa\Desktop\screenshot eset finish.jpg [2012.02.22 23:10:55 | 002,322,184 | ---- | M] (ESET) -- D:\Lisa\Desktop\esetsmartinstaller_enu.exe [2012.02.22 22:50:29 | 001,101,824 | ---- | M] () -- D:\Lisa\Desktop\Vorlage Blau A4hoch.indd [2012.02.22 20:58:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.21 22:25:51 | 000,000,885 | ---- | M] () -- D:\Lisa\Desktop\Groovedown.lnk [2012.02.16 10:37:08 | 003,023,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.14 20:56:56 | 000,001,358 | ---- | M] () -- C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012.02.13 20:49:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Documents\AcRdS7_0_0.pnd [2012.02.13 11:21:23 | 000,132,262 | ---- | M] () -- D:\Lisa\Desktop\Entspannung und Streß-Bewältigung.pdf [2012.01.28 19:58:55 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.23 22:30:17 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.23 22:30:17 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.23 20:54:56 | 001,857,954 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.02.23 19:18:08 | 000,001,615 | ---- | C] () -- D:\Lisa\Desktop\Digital Edition.lnk [2012.02.23 18:34:40 | 000,230,196 | ---- | C] () -- D:\Lisa\Desktop\screenshot eset finish.jpg [2012.02.22 20:58:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.22 00:04:08 | 001,101,824 | ---- | C] () -- D:\Lisa\Desktop\Vorlage Blau A4hoch.indd [2012.02.21 22:25:51 | 000,000,885 | ---- | C] () -- D:\Lisa\Desktop\Groovedown.lnk [2012.02.14 20:56:56 | 000,001,358 | ---- | C] () -- C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012.02.13 23:26:48 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk [2012.02.13 20:49:32 | 000,001,153 | ---- | C] () -- C:\Users\Public\Documents\AcRdS7_0_0.pnd [2012.02.13 11:21:23 | 000,132,262 | ---- | C] () -- D:\Lisa\Desktop\Entspannung und Streß-Bewältigung.pdf [2011.08.11 18:04:31 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2011.07.01 14:01:16 | 000,006,144 | ---- | C] () -- C:\Users\Ich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.03 11:19:03 | 000,000,206 | ---- | C] () -- C:\Windows\Lexstat.ini [2011.01.26 19:24:18 | 000,007,602 | ---- | C] () -- C:\Users\Ich\AppData\Local\Resmon.ResmonCfg [2011.01.11 20:11:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaserv.dll [2011.01.11 20:11:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdausb1.dll [2011.01.11 20:11:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdahbn3.dll [2011.01.11 20:11:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacomc.dll [2011.01.11 20:11:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdapmui.dll [2011.01.11 20:11:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdalmpm.dll [2011.01.11 20:11:31 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacoms.exe [2011.01.11 20:11:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacomm.dll [2011.01.11 20:11:31 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxdautil.dll [2011.01.11 20:11:31 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdainpa.dll [2011.01.11 20:11:31 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaiesc.dll [2011.01.11 20:11:31 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaih.exe [2011.01.11 20:11:31 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdacfg.exe [2011.01.11 20:11:31 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXDAinst.dll [2011.01.11 20:11:31 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdappls.exe [2011.01.11 20:11:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdaprox.dll [2011.01.11 20:11:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdapplc.dll [2010.12.26 22:21:18 | 000,000,000 | ---- | C] () -- C:\Windows\plugin.ini [2010.12.26 16:59:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.18 19:53:39 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini ========== LOP Check ========== [2011.05.25 22:11:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\.minecraft [2010.12.28 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Autodesk [2012.02.20 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Azureus [2012.02.14 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\calibre [2012.02.23 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Canon [2010.12.26 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DAEMON Tools Lite [2012.01.08 19:47:19 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoft [2011.09.15 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.13 23:12:22 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\eBookConverter [2012.02.13 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GetRightToGo [2011.06.18 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\go [2012.02.20 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GrabPro [2012.02.21 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Groovedown [2011.03.20 23:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\gtk-2.0 [2012.01.04 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\inkscape [2012.01.06 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IrfanView [2010.12.17 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\JAM Software [2011.11.21 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Mael [2011.11.21 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\NetMeter [2012.01.23 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Notepad++ [2010.12.17 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\OpenOffice.org [2010.12.17 20:12:10 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Opera [2012.02.21 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Orbit [2012.02.20 13:29:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\ProgSense [2010.12.17 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Scribus [2011.05.16 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Softplicity [2011.06.15 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\XnView [2012.01.27 16:39:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.25 22:11:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\.minecraft [2012.02.13 13:22:15 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Adobe [2012.02.13 20:46:31 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\AdobeUM [2010.12.28 22:16:54 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Autodesk [2012.02.20 17:17:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Azureus [2012.02.14 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\calibre [2012.02.23 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Canon [2011.05.19 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\CyberLink [2010.12.26 21:21:32 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DAEMON Tools Lite [2011.03.31 17:08:05 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DivX [2012.01.08 19:47:19 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoft [2011.09.15 20:47:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.13 23:12:22 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\eBookConverter [2012.02.13 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GetRightToGo [2011.06.18 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\go [2010.12.26 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Google [2012.02.20 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\GrabPro [2012.02.21 22:25:49 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Groovedown [2011.03.20 23:43:14 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\gtk-2.0 [2010.12.15 01:35:55 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Identities [2012.01.04 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\inkscape [2010.12.18 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\InstallShield [2012.01.06 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\IrfanView [2010.12.17 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\JAM Software [2010.12.17 20:19:13 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Macromedia [2011.11.21 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Mael [2012.02.22 20:58:14 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Malwarebytes [2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Media Center Programs [2012.01.21 14:56:23 | 000,000,000 | --SD | M] -- C:\Users\Ich\AppData\Roaming\Microsoft [2012.02.23 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Mozilla [2011.11.21 14:22:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\NetMeter [2012.01.23 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Notepad++ [2010.12.17 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\OpenOffice.org [2010.12.17 20:12:10 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Opera [2012.02.21 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Orbit [2012.02.20 13:29:07 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\ProgSense [2012.01.06 19:32:37 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Real [2012.01.28 11:03:18 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\RealNetworks [2010.12.17 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Scribus [2012.02.23 22:51:48 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Skype [2011.05.28 15:01:58 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\skypePM [2011.05.16 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Softplicity [2012.01.06 19:33:59 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\vlc [2012.02.22 00:39:09 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\Winamp [2011.06.15 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Ich\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2012.02.13 23:28:08 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Ich\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe [2012.02.21 22:25:49 | 000,903,168 | ---- | M] () -- C:\Users\Ich\AppData\Roaming\Groovedown\GrooveDown_Start.exe [2008.05.29 07:03:08 | 000,037,176 | ---- | M] () -- C:\Users\Ich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.02.13 12:36:27 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe [2011.10.25 13:31:31 | 008,107,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Ich\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.12.26 21:44:48 | 000,010,134 | R--- | M] () -- C:\Users\Ich\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.12.07 21:09:56 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\pnup0.exe [2011.11.27 20:30:58 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe [2011.12.14 16:38:14 | 026,922,432 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_data\RealPlayer.exe [2011.11.28 10:08:55 | 000,713,472 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ich\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\stub_exe\RealPlayer.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:9A870F8B @Alternate Data Stream - 177 bytes -> C:\Users\Ich\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303032} @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > Geändert von Soapace (23.02.2012 um 23:28 Uhr) |
24.02.2012, 10:59 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"Zitat:
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
__________________ Logfiles bitte immer in CODE-Tags posten |
24.02.2012, 11:31 | #11 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Ich sag mal nicht das ichs mach, aber rein theoretisch könnte es sein das es ansonsten für bestimmte sachen keine legale alternative gibt in europa. Aber ich werde ein auge darauf werfen. Sollte der pc jetzt wieder sauber und sicher sein? Danke für die hilfe bis jetzt. |
24.02.2012, 12:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 DE B7 F4 19 9E CB 01 [binary data] IE - HKU\S-1-5-21-4017242201-520085593-3607815517-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1000..\Run: [Spyware Doctor] D:\Lisa\Desktop\sdsetup_revwire207.exe -min File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4017242201-520085593-3607815517-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.28 21:37:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell - "" = AutoRun O33 - MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell - "" = AutoRun O33 - MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell - "" = AutoRun O33 - MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\Shell\AutoRun\command - "" = F:\Setup.exe @Alternate Data Stream - 246 bytes -> C:\ProgramData\Temp:9A870F8B @Alternate Data Stream - 177 bytes -> C:\Users\Ich\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303032} @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
24.02.2012, 13:41 | #13 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Weisst du zufällig ob die "contribute.dll" datei von adobe wichtig ist? Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully. C:\Program Files (x86)\Winload\prxtbWinl.dll moved successfully. HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-4017242201-520085593-3607815517-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-4017242201-520085593-3607815517-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully. C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. File C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found. File C:\Program Files (x86)\Winload\prxtbWinl.dll not found. Registry value HKEY_USERS\S-1-5-21-4017242201-520085593-3607815517-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Spyware Doctor deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-4017242201-520085593-3607815517-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cadffb4-e09c-11e0-8dba-1c6f6582f881}\ not found. File "E:\WD SmartWare.exe" autoplay=true not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c3e348c-2669-11e1-b685-1c6f6582f881}\ not found. File E:\Startme.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d12c0738-111a-11e0-80bd-1c6f6582f881}\ not found. File F:\Setup.exe not found. ADS C:\ProgramData\Temp:9A870F8B deleted successfully. ADS C:\Users\Ich\AppData\Local\Temp:SL_{42726572-7361-6369-352e-30312e303032} deleted successfully. ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ich ->Temp folder emptied: 8317788 bytes ->Temporary Internet Files folder emptied: 1340749 bytes ->Java cache emptied: 563964 bytes ->FireFox cache emptied: 91211662 bytes ->Google Chrome cache emptied: 40851771 bytes ->Opera cache emptied: 208 bytes ->Flash cache emptied: 8275051 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 537520 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1116360 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 145,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.2 log created on 02242012_131954 Files\Folders moved on Reboot... C:\Users\Ich\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
24.02.2012, 15:27 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
24.02.2012, 16:55 | #15 |
| Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir"Code:
ATTFilter 17:10:11.0724 4608 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49 17:10:11.0818 4608 ============================================================ 17:10:11.0818 4608 Current date / time: 2012/02/24 17:10:11.0818 17:10:11.0818 4608 SystemInfo: 17:10:11.0818 4608 17:10:11.0818 4608 OS Version: 6.1.7601 ServicePack: 1.0 17:10:11.0818 4608 Product type: Workstation 17:10:11.0818 4608 ComputerName: ICH-PC 17:10:11.0818 4608 UserName: Ich 17:10:11.0818 4608 Windows directory: C:\Windows 17:10:11.0818 4608 System windows directory: C:\Windows 17:10:11.0818 4608 Running under WOW64 17:10:11.0818 4608 Processor architecture: Intel x64 17:10:11.0818 4608 Number of processors: 4 17:10:11.0818 4608 Page size: 0x1000 17:10:11.0818 4608 Boot type: Normal boot 17:10:11.0818 4608 ============================================================ 17:10:12.0832 4608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:10:12.0832 4608 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:10:16.0529 4608 \Device\Harddisk0\DR0: 17:10:16.0545 4608 MBR used 17:10:16.0545 4608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 17:10:16.0545 4608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1451E000 17:10:16.0545 4608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14550800, BlocksNum 0x25E34800 17:10:16.0545 4608 \Device\Harddisk1\DR1: 17:10:16.0545 4608 MBR used 17:10:16.0545 4608 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82 17:10:16.0654 4608 Initialize success 17:10:16.0654 4608 ============================================================ 17:11:15.0481 5096 ============================================================ 17:11:15.0481 5096 Scan started 17:11:15.0481 5096 Mode: Manual; SigCheck; TDLFS; 17:11:15.0481 5096 ============================================================ 17:11:16.0074 5096 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 17:11:16.0183 5096 1394ohci - ok 17:11:16.0215 5096 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 17:11:16.0246 5096 ACPI - ok 17:11:16.0293 5096 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 17:11:16.0324 5096 AcpiPmi - ok 17:11:16.0371 5096 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys 17:11:16.0417 5096 adfs - ok 17:11:16.0449 5096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 17:11:16.0464 5096 adp94xx - ok 17:11:16.0480 5096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 17:11:16.0480 5096 adpahci - ok 17:11:16.0511 5096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 17:11:16.0542 5096 adpu320 - ok 17:11:16.0589 5096 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 17:11:16.0636 5096 AFD - ok 17:11:16.0683 5096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 17:11:16.0714 5096 agp440 - ok 17:11:16.0745 5096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 17:11:16.0761 5096 aliide - ok 17:11:16.0792 5096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 17:11:16.0807 5096 amdide - ok 17:11:16.0839 5096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 17:11:16.0870 5096 AmdK8 - ok 17:11:16.0870 5096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 17:11:16.0901 5096 AmdPPM - ok 17:11:16.0932 5096 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys 17:11:16.0963 5096 amdsata - ok 17:11:16.0979 5096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 17:11:16.0995 5096 amdsbs - ok 17:11:17.0026 5096 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys 17:11:17.0026 5096 amdxata - ok 17:11:17.0057 5096 anodlwf (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys 17:11:17.0088 5096 anodlwf - ok 17:11:17.0151 5096 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 17:11:17.0213 5096 AppID - ok 17:11:17.0244 5096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 17:11:17.0260 5096 arc - ok 17:11:17.0275 5096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 17:11:17.0291 5096 arcsas - ok 17:11:17.0307 5096 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys 17:11:17.0322 5096 aswFsBlk - ok 17:11:17.0369 5096 aswFW (baa236e2e146b864803c9b4a5aa65816) C:\Windows\system32\drivers\aswFW.sys 17:11:17.0385 5096 aswFW - ok 17:11:17.0431 5096 aswKbd (29ec2fb2d3a5d2177ef6ba600e0305ae) C:\Windows\system32\drivers\aswKbd.sys 17:11:17.0447 5096 aswKbd - ok 17:11:17.0494 5096 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys 17:11:17.0509 5096 aswMonFlt - ok 17:11:17.0556 5096 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys 17:11:17.0556 5096 aswNdis - ok 17:11:17.0587 5096 aswNdis2 (b33e66eb8b76a818aee08e4e6d9a11ea) C:\Windows\system32\drivers\aswNdis2.sys 17:11:17.0603 5096 aswNdis2 - ok 17:11:17.0619 5096 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys 17:11:17.0634 5096 aswRdr - ok 17:11:17.0728 5096 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys 17:11:17.0759 5096 aswSnx - ok 17:11:17.0790 5096 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys 17:11:17.0806 5096 aswSP - ok 17:11:17.0837 5096 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys 17:11:17.0837 5096 aswTdi - ok 17:11:17.0868 5096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:11:17.0993 5096 AsyncMac - ok 17:11:18.0009 5096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 17:11:18.0040 5096 atapi - ok 17:11:18.0071 5096 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys 17:11:18.0071 5096 AtiPcie - ok 17:11:18.0149 5096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 17:11:18.0180 5096 b06bdrv - ok 17:11:18.0211 5096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:11:18.0243 5096 b57nd60a - ok 17:11:18.0274 5096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 17:11:18.0321 5096 Beep - ok 17:11:18.0352 5096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 17:11:18.0367 5096 blbdrive - ok 17:11:18.0399 5096 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 17:11:18.0445 5096 bowser - ok 17:11:18.0461 5096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:11:18.0508 5096 BrFiltLo - ok 17:11:18.0523 5096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:11:18.0555 5096 BrFiltUp - ok 17:11:18.0570 5096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 17:11:18.0601 5096 Brserid - ok 17:11:18.0617 5096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 17:11:18.0648 5096 BrSerWdm - ok 17:11:18.0679 5096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 17:11:18.0726 5096 BrUsbMdm - ok 17:11:18.0726 5096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 17:11:18.0757 5096 BrUsbSer - ok 17:11:18.0789 5096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 17:11:18.0820 5096 BTHMODEM - ok 17:11:18.0867 5096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:11:18.0913 5096 cdfs - ok 17:11:18.0960 5096 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 17:11:19.0007 5096 cdrom - ok 17:11:19.0054 5096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 17:11:19.0101 5096 circlass - ok 17:11:19.0132 5096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:11:19.0147 5096 CLFS - ok 17:11:19.0194 5096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 17:11:19.0241 5096 CmBatt - ok 17:11:19.0272 5096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 17:11:19.0272 5096 cmdide - ok 17:11:19.0319 5096 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 17:11:19.0350 5096 CNG - ok 17:11:19.0381 5096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:11:19.0381 5096 Compbatt - ok 17:11:19.0413 5096 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 17:11:19.0444 5096 CompositeBus - ok 17:11:19.0475 5096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 17:11:19.0491 5096 crcdisk - ok 17:11:19.0537 5096 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 17:11:19.0584 5096 CSC - ok 17:11:19.0631 5096 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 17:11:19.0678 5096 DfsC - ok 17:11:19.0709 5096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:11:19.0725 5096 discache - ok 17:11:19.0756 5096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 17:11:19.0771 5096 Disk - ok 17:11:19.0818 5096 Dnetr7364 (93a240fd4c133d1ed7ccf829159c4b78) C:\Windows\system32\DRIVERS\Dnetr7364.sys 17:11:19.0865 5096 Dnetr7364 - ok 17:11:19.0927 5096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:11:19.0959 5096 drmkaud - ok 17:11:20.0005 5096 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 17:11:20.0037 5096 DXGKrnl - ok 17:11:20.0115 5096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 17:11:20.0224 5096 ebdrv - ok 17:11:20.0286 5096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 17:11:20.0333 5096 elxstor - ok 17:11:20.0349 5096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:11:20.0380 5096 ErrDev - ok 17:11:20.0395 5096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:11:20.0427 5096 exfat - ok 17:11:20.0551 5096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:11:20.0629 5096 fastfat - ok 17:11:20.0645 5096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 17:11:20.0676 5096 fdc - ok 17:11:20.0692 5096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:11:20.0707 5096 FileInfo - ok 17:11:20.0707 5096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:11:20.0739 5096 Filetrace - ok 17:11:20.0848 5096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 17:11:20.0879 5096 flpydisk - ok 17:11:20.0910 5096 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:11:20.0926 5096 FltMgr - ok 17:11:20.0941 5096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:11:20.0957 5096 FsDepends - ok 17:11:20.0973 5096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 17:11:20.0988 5096 Fs_Rec - ok 17:11:21.0004 5096 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:11:21.0051 5096 fvevol - ok 17:11:21.0066 5096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:11:21.0097 5096 gagp30kx - ok 17:11:21.0113 5096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:11:21.0144 5096 hcw85cir - ok 17:11:21.0191 5096 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 17:11:21.0207 5096 HdAudAddService - ok 17:11:21.0253 5096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 17:11:21.0285 5096 HDAudBus - ok 17:11:21.0300 5096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:11:21.0316 5096 HidBatt - ok 17:11:21.0331 5096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 17:11:21.0363 5096 HidBth - ok 17:11:21.0378 5096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 17:11:21.0394 5096 HidIr - ok 17:11:21.0456 5096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 17:11:21.0503 5096 HidUsb - ok 17:11:21.0519 5096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 17:11:21.0534 5096 HpSAMD - ok 17:11:21.0581 5096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 17:11:21.0628 5096 HTTP - ok 17:11:21.0659 5096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 17:11:21.0675 5096 hwpolicy - ok 17:11:21.0675 5096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 17:11:21.0690 5096 i8042prt - ok 17:11:21.0737 5096 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 17:11:21.0737 5096 iaStorV - ok 17:11:21.0768 5096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 17:11:21.0784 5096 iirsp - ok 17:11:21.0893 5096 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys 17:11:21.0971 5096 IntcAzAudAddService - ok 17:11:22.0002 5096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 17:11:22.0018 5096 intelide - ok 17:11:22.0049 5096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:11:22.0096 5096 intelppm - ok 17:11:22.0127 5096 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:11:22.0189 5096 IpFilterDriver - ok 17:11:22.0221 5096 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 17:11:22.0221 5096 IPMIDRV - ok 17:11:22.0267 5096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:11:22.0330 5096 IPNAT - ok 17:11:22.0361 5096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:11:22.0377 5096 IRENUM - ok 17:11:22.0408 5096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 17:11:22.0423 5096 isapnp - ok 17:11:22.0470 5096 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 17:11:22.0501 5096 iScsiPrt - ok 17:11:22.0517 5096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 17:11:22.0533 5096 kbdclass - ok 17:11:22.0595 5096 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 17:11:22.0626 5096 kbdhid - ok 17:11:22.0657 5096 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 17:11:22.0673 5096 KSecDD - ok 17:11:22.0689 5096 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 17:11:22.0704 5096 KSecPkg - ok 17:11:22.0735 5096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:11:22.0813 5096 ksthunk - ok 17:11:22.0876 5096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:11:22.0938 5096 lltdio - ok 17:11:22.0954 5096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:11:22.0969 5096 LSI_FC - ok 17:11:22.0985 5096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:11:22.0985 5096 LSI_SAS - ok 17:11:23.0001 5096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:11:23.0016 5096 LSI_SAS2 - ok 17:11:23.0047 5096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:11:23.0047 5096 LSI_SCSI - ok 17:11:23.0079 5096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 17:11:23.0094 5096 luafv - ok 17:11:23.0172 5096 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 17:11:23.0188 5096 MBAMProtector - ok 17:11:23.0219 5096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 17:11:23.0250 5096 megasas - ok 17:11:23.0266 5096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 17:11:23.0281 5096 MegaSR - ok 17:11:23.0313 5096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:11:23.0359 5096 Modem - ok 17:11:23.0375 5096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:11:23.0391 5096 monitor - ok 17:11:23.0437 5096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 17:11:23.0437 5096 mouclass - ok 17:11:23.0453 5096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:11:23.0469 5096 mouhid - ok 17:11:23.0500 5096 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 17:11:23.0515 5096 mountmgr - ok 17:11:23.0547 5096 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 17:11:23.0562 5096 mpio - ok 17:11:23.0593 5096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:11:23.0640 5096 mpsdrv - ok 17:11:23.0671 5096 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 17:11:23.0687 5096 MRxDAV - ok 17:11:23.0703 5096 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:11:23.0749 5096 mrxsmb - ok 17:11:23.0796 5096 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:11:23.0843 5096 mrxsmb10 - ok 17:11:23.0890 5096 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:11:23.0921 5096 mrxsmb20 - ok 17:11:23.0952 5096 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 17:11:23.0968 5096 msahci - ok 17:11:23.0983 5096 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 17:11:23.0999 5096 msdsm - ok 17:11:24.0030 5096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:11:24.0061 5096 Msfs - ok 17:11:24.0077 5096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:11:24.0108 5096 mshidkmdf - ok 17:11:24.0139 5096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 17:11:24.0171 5096 msisadrv - ok 17:11:24.0186 5096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:11:24.0249 5096 MSKSSRV - ok 17:11:24.0280 5096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:11:24.0342 5096 MSPCLOCK - ok 17:11:24.0342 5096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:11:24.0389 5096 MSPQM - ok 17:11:24.0420 5096 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 17:11:24.0451 5096 MsRPC - ok 17:11:24.0483 5096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 17:11:24.0498 5096 mssmbios - ok 17:11:24.0529 5096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:11:24.0561 5096 MSTEE - ok 17:11:24.0576 5096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 17:11:24.0576 5096 MTConfig - ok 17:11:24.0607 5096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:11:24.0607 5096 Mup - ok 17:11:24.0654 5096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:11:24.0701 5096 NativeWifiP - ok 17:11:24.0732 5096 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 17:11:24.0763 5096 NDIS - ok 17:11:24.0779 5096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:11:24.0810 5096 NdisCap - ok 17:11:24.0826 5096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:11:24.0873 5096 NdisTapi - ok 17:11:24.0904 5096 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 17:11:24.0966 5096 Ndisuio - ok 17:11:24.0997 5096 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 17:11:25.0060 5096 NdisWan - ok 17:11:25.0091 5096 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 17:11:25.0153 5096 NDProxy - ok 17:11:25.0185 5096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:11:25.0247 5096 NetBIOS - ok 17:11:25.0278 5096 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 17:11:25.0341 5096 NetBT - ok 17:11:25.0387 5096 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys 17:11:25.0419 5096 netr7364 - ok 17:11:25.0450 5096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 17:11:25.0450 5096 nfrd960 - ok 17:11:25.0481 5096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 17:11:25.0543 5096 Npfs - ok 17:11:25.0559 5096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 17:11:25.0590 5096 nsiproxy - ok 17:11:25.0637 5096 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 17:11:25.0684 5096 Ntfs - ok 17:11:25.0699 5096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 17:11:25.0731 5096 Null - ok 17:11:25.0746 5096 nusb3hub (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys 17:11:25.0762 5096 nusb3hub - ok 17:11:25.0793 5096 nusb3xhc (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys 17:11:25.0840 5096 nusb3xhc - ok 17:11:26.0089 5096 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:11:26.0370 5096 nvlddmkm - ok 17:11:26.0417 5096 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 17:11:26.0417 5096 nvraid - ok 17:11:26.0448 5096 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 17:11:26.0464 5096 nvstor - ok 17:11:26.0526 5096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 17:11:26.0557 5096 nv_agp - ok 17:11:26.0589 5096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 17:11:26.0635 5096 ohci1394 - ok 17:11:26.0667 5096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 17:11:26.0682 5096 Parport - ok 17:11:26.0729 5096 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 17:11:26.0745 5096 partmgr - ok 17:11:26.0791 5096 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 17:11:26.0807 5096 pci - ok 17:11:26.0838 5096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 17:11:26.0838 5096 pciide - ok 17:11:26.0869 5096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 17:11:26.0885 5096 pcmcia - ok 17:11:26.0901 5096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 17:11:26.0916 5096 pcw - ok 17:11:26.0932 5096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 17:11:26.0994 5096 PEAUTH - ok 17:11:27.0072 5096 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 17:11:27.0135 5096 PptpMiniport - ok 17:11:27.0150 5096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 17:11:27.0181 5096 Processor - ok 17:11:27.0197 5096 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 17:11:27.0244 5096 Psched - ok 17:11:27.0275 5096 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 17:11:27.0275 5096 PxHlpa64 - ok 17:11:27.0322 5096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 17:11:27.0400 5096 ql2300 - ok 17:11:27.0415 5096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 17:11:27.0431 5096 ql40xx - ok 17:11:27.0447 5096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 17:11:27.0478 5096 QWAVEdrv - ok 17:11:27.0493 5096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 17:11:27.0525 5096 RasAcd - ok 17:11:27.0556 5096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:11:27.0571 5096 RasAgileVpn - ok 17:11:27.0618 5096 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:11:27.0649 5096 Rasl2tp - ok 17:11:27.0665 5096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 17:11:27.0696 5096 RasPppoe - ok 17:11:27.0712 5096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 17:11:27.0743 5096 RasSstp - ok 17:11:27.0774 5096 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 17:11:27.0805 5096 rdbss - ok 17:11:27.0821 5096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 17:11:27.0821 5096 rdpbus - ok 17:11:27.0837 5096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:11:27.0868 5096 RDPCDD - ok 17:11:27.0915 5096 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 17:11:27.0930 5096 RDPDR - ok 17:11:27.0930 5096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 17:11:27.0977 5096 RDPENCDD - ok 17:11:27.0993 5096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 17:11:28.0024 5096 RDPREFMP - ok 17:11:28.0055 5096 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 17:11:28.0071 5096 RDPWD - ok 17:11:28.0117 5096 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 17:11:28.0133 5096 rdyboost - ok 17:11:28.0164 5096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 17:11:28.0195 5096 rspndr - ok 17:11:28.0227 5096 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys 17:11:28.0242 5096 RTL8167 - ok 17:11:28.0289 5096 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys 17:11:28.0320 5096 RTL8192su - ok 17:11:28.0351 5096 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 17:11:28.0398 5096 s3cap - ok 17:11:28.0429 5096 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 17:11:28.0429 5096 sbp2port - ok 17:11:28.0476 5096 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 17:11:28.0523 5096 scfilter - ok 17:11:28.0554 5096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:11:28.0585 5096 secdrv - ok 17:11:28.0617 5096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 17:11:28.0617 5096 Serenum - ok 17:11:28.0632 5096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 17:11:28.0663 5096 Serial - ok 17:11:28.0679 5096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 17:11:28.0695 5096 sermouse - ok 17:11:28.0726 5096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 17:11:28.0741 5096 sffdisk - ok 17:11:28.0757 5096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 17:11:28.0773 5096 sffp_mmc - ok 17:11:28.0788 5096 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 17:11:28.0804 5096 sffp_sd - ok 17:11:28.0835 5096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 17:11:28.0866 5096 sfloppy - ok 17:11:28.0897 5096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:11:28.0913 5096 SiSRaid2 - ok 17:11:28.0929 5096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 17:11:28.0944 5096 SiSRaid4 - ok 17:11:28.0960 5096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 17:11:29.0007 5096 Smb - ok 17:11:29.0069 5096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 17:11:29.0085 5096 spldr - ok 17:11:29.0163 5096 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 17:11:29.0163 5096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 17:11:29.0178 5096 sptd ( LockedFile.Multi.Generic ) - warning 17:11:29.0178 5096 sptd - detected LockedFile.Multi.Generic (1) 17:11:29.0209 5096 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 17:11:29.0256 5096 srv - ok 17:11:29.0272 5096 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 17:11:29.0303 5096 srv2 - ok 17:11:29.0319 5096 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 17:11:29.0334 5096 srvnet - ok 17:11:29.0397 5096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 17:11:29.0397 5096 stexstor - ok 17:11:29.0443 5096 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 17:11:29.0459 5096 storflt - ok 17:11:29.0490 5096 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 17:11:29.0506 5096 storvsc - ok 17:11:29.0521 5096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 17:11:29.0521 5096 swenum - ok 17:11:29.0631 5096 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 17:11:29.0709 5096 Tcpip - ok 17:11:29.0787 5096 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 17:11:29.0818 5096 TCPIP6 - ok 17:11:29.0880 5096 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 17:11:29.0927 5096 tcpipreg - ok 17:11:29.0958 5096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 17:11:30.0036 5096 TDPIPE - ok 17:11:30.0052 5096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 17:11:30.0083 5096 TDTCP - ok 17:11:30.0114 5096 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 17:11:30.0145 5096 tdx - ok 17:11:30.0177 5096 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 17:11:30.0208 5096 TermDD - ok 17:11:30.0255 5096 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:11:30.0286 5096 tssecsrv - ok 17:11:30.0364 5096 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 17:11:30.0411 5096 TsUsbFlt - ok 17:11:30.0535 5096 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 17:11:30.0567 5096 TuneUpUtilitiesDrv - ok 17:11:30.0645 5096 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 17:11:30.0707 5096 tunnel - ok 17:11:30.0723 5096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:11:30.0738 5096 uagp35 - ok 17:11:30.0769 5096 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 17:11:30.0832 5096 udfs - ok 17:11:30.0863 5096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 17:11:30.0879 5096 uliagpkx - ok 17:11:30.0910 5096 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 17:11:30.0941 5096 umbus - ok 17:11:30.0988 5096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:11:31.0035 5096 UmPass - ok 17:11:31.0066 5096 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 17:11:31.0113 5096 usbccgp - ok 17:11:31.0144 5096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 17:11:31.0159 5096 usbcir - ok 17:11:31.0191 5096 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 17:11:31.0222 5096 usbehci - ok 17:11:31.0253 5096 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 17:11:31.0253 5096 usbfilter - ok 17:11:31.0300 5096 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 17:11:31.0315 5096 usbhub - ok 17:11:31.0331 5096 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 17:11:31.0347 5096 usbohci - ok 17:11:31.0378 5096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:11:31.0393 5096 usbprint - ok 17:11:31.0425 5096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 17:11:31.0440 5096 usbscan - ok 17:11:31.0456 5096 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:11:31.0487 5096 USBSTOR - ok 17:11:31.0503 5096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 17:11:31.0534 5096 usbuhci - ok 17:11:31.0581 5096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 17:11:31.0596 5096 vdrvroot - ok 17:11:31.0612 5096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:11:31.0643 5096 vga - ok 17:11:31.0643 5096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:11:31.0690 5096 VgaSave - ok 17:11:31.0721 5096 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 17:11:31.0721 5096 vhdmp - ok 17:11:31.0752 5096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 17:11:31.0752 5096 viaide - ok 17:11:31.0768 5096 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 17:11:31.0783 5096 vmbus - ok 17:11:31.0799 5096 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 17:11:31.0815 5096 VMBusHID - ok 17:11:31.0846 5096 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 17:11:31.0846 5096 volmgr - ok 17:11:31.0893 5096 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 17:11:31.0924 5096 volmgrx - ok 17:11:31.0939 5096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 17:11:31.0955 5096 volsnap - ok 17:11:31.0986 5096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:11:32.0002 5096 vsmraid - ok 17:11:32.0017 5096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 17:11:32.0049 5096 vwifibus - ok 17:11:32.0064 5096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 17:11:32.0095 5096 vwififlt - ok 17:11:32.0127 5096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 17:11:32.0142 5096 vwifimp - ok 17:11:32.0173 5096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:11:32.0189 5096 WacomPen - ok 17:11:32.0236 5096 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:11:32.0298 5096 WANARP - ok 17:11:32.0298 5096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:11:32.0329 5096 Wanarpv6 - ok 17:11:32.0376 5096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:11:32.0392 5096 Wd - ok 17:11:32.0407 5096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 17:11:32.0423 5096 Wdf01000 - ok 17:11:32.0454 5096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:11:32.0485 5096 WfpLwf - ok 17:11:32.0501 5096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:11:32.0501 5096 WIMMount - ok 17:11:32.0579 5096 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 17:11:32.0626 5096 WinUsb - ok 17:11:32.0673 5096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 17:11:32.0673 5096 WmiAcpi - ok 17:11:32.0704 5096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 17:11:32.0735 5096 ws2ifsl - ok 17:11:32.0782 5096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 17:11:32.0844 5096 WudfPf - ok 17:11:32.0875 5096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:11:32.0922 5096 WUDFRd - ok 17:11:32.0969 5096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:11:33.0094 5096 \Device\Harddisk0\DR0 - ok 17:11:33.0390 5096 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk1\DR1 17:11:33.0546 5096 \Device\Harddisk1\DR1 - ok 17:11:33.0546 5096 Boot (0x1200) (6728e7ea117cfa39a184a6d1e3192234) \Device\Harddisk0\DR0\Partition0 17:11:33.0546 5096 \Device\Harddisk0\DR0\Partition0 - ok 17:11:33.0593 5096 Boot (0x1200) (7d1fdaf3e3a72ed63570af9cd1b89854) \Device\Harddisk0\DR0\Partition1 17:11:33.0593 5096 \Device\Harddisk0\DR0\Partition1 - ok 17:11:33.0609 5096 Boot (0x1200) (7b5917fe538b0d448bdf60582a45b037) \Device\Harddisk0\DR0\Partition2 17:11:33.0609 5096 \Device\Harddisk0\DR0\Partition2 - ok 17:11:33.0609 5096 Boot (0x1200) (7e6ec36231fd2dcbb204d1f84237ff43) \Device\Harddisk1\DR1\Partition0 17:11:33.0624 5096 \Device\Harddisk1\DR1\Partition0 - ok 17:11:33.0624 5096 ============================================================ 17:11:33.0624 5096 Scan finished 17:11:33.0624 5096 ============================================================ 17:11:33.0624 3672 Detected object count: 1 17:11:33.0624 3672 Actual detected object count: 1 17:16:42.0595 3672 sptd ( LockedFile.Multi.Generic ) - skipped by user 17:16:42.0595 3672 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 17:17:52.0936 2432 Deinitialize success Geändert von Soapace (24.02.2012 um 17:19 Uhr) |
Themen zu Search completion automatisches redirect, malwarebytes findet "PUP.VShareRedir" |
.com, administrator, anti-malware, automatisch, autostart, code, computer, dateien, dateisystem, explorer, firefox, gelöscht, google, heuristiks/extra, heuristiks/shuriken, infizierte, infizierte dateien, malwarebytes, microsoft, pup.vshareredir, redirect, seite, software, speicher, test, virus, windows |