Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google redirect Virus.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.02.2012, 21:56   #1
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



Hallo liebe Community,
Ich habe seit 1 -2 Tagen das Problem das Google mich direkt an "meine" Google-Seite weiterleitet wenn ich ein Suchergebnis anklicke.

Bitte um Hilfe

Browser: Nur bei Firefox, Chrome nicht betroffen
Betriebssystem: Windows 7

Alt 01.03.2012, 18:00   #2
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 01.03.2012, 20:54   #3
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



Also OTL.txt
Code:
ATTFilter
OTL logfile created on: 01.03.2012 21:39:28 - Run 1
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Eric\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,13% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 103,80 Gb Free Space | 53,14% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 456,85 Gb Free Space | 62,06% Space Free | Partition Type: NTFS
 
Computer Name: NEMO | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.01 21:36:37 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.11.30 03:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.25 21:28:38 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.10.25 21:28:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.30 17:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 17:25:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.08.27 13:56:38 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.23 12:21:56 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.10 21:04:01 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.30 03:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.10.25 21:28:38 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.10.25 21:28:29 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.03 14:04:19 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.27 14:01:22 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.27 13:56:30 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.30 10:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Eigene Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 01:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.10 14:23:12 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.24 03:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.11.24 02:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.11.24 02:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.11.17 04:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.11.17 04:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011.11.05 00:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011.08.09 17:31:40 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011.08.09 17:31:40 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 17:24:18 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.20 17:24:04 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.07.30 14:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.07.30 14:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.07.30 14:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.07.30 14:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.07.01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.20 03:27:34 | 000,027,136 | R--- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009.07.17 19:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.06 04:14:06 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2009.04.06 04:14:06 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2009.03.20 01:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.12.03 03:20:54 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV - [2012.03.01 21:25:09 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.03.01 10:13:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120229.034\ex64.sys -- (NAVEX15)
DRV - [2012.03.01 10:13:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120229.034\eng64.sys -- (NAVENG)
DRV - [2012.02.24 18:50:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.02.09 16:32:36 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120229.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012.02.07 06:18:36 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.02.04 16:35:21 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.06.09 20:05:40 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.06.09 18:58:35 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009.10.14 06:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {F5A3672B-590A-4031-94D5-64AB890C4A2B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{96F89003-E664-44B4-A9BA-A84427435CDD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=77b5199e-ce43-4c01-8250-724ee6214142&apn_sauid=87C6DE0D-7580-47DF-80AA-C462188F2309
IE - HKCU\..\SearchScopes\{CE5E3AB7-9CF0-464a-BC68-75308955B28A}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{F5A3672B-590A-4031-94D5-64AB890C4A2B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Eigene Programme\Java\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Eigene Programme\ITunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Eigene Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Eigene Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.15 21:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.10 14:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.03.01 21:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Eigene Programme\Mozilla Firefox\components [2012.02.17 11:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Eigene Programme\Mozilla Firefox\plugins [2012.01.16 13:35:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Eigene Programme\Mozilla Firefox\components [2012.02.17 11:32:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Eigene Programme\Mozilla Firefox\plugins [2012.01.16 13:35:53 | 000,000,000 | ---D | M]
 
[2010.06.16 13:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions
[2011.08.28 17:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\Eric\extensions
[2011.06.16 13:48:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\Eric\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.24 14:28:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\Eric\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.28 17:36:34 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\Eric\extensions\plugin@yontoo.com
[2012.02.28 13:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\hnmew9zx.default\extensions
[2011.03.28 21:51:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\hnmew9zx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.28 13:46:45 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\hnmew9zx.default\extensions\https-everywhere@eff.org
[2011.07.21 05:02:22 | 000,002,399 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\hnmew9zx.default\searchplugins\askcom.xml
[2012.02.21 14:40:33 | 000,001,056 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\hnmew9zx.default\searchplugins\icqplugin.xml
[2011.03.26 16:57:43 | 000,002,449 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\hnmew9zx.default\searchplugins\safesearch.xml
[2012.02.10 14:01:25 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HNMEW9ZX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HNMEW9ZX.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HNMEW9ZX.DEFAULT\EXTENSIONS\LONGURLPLEASE@DARRAGH.CURRAN.XPI
[2011.03.11 13:28:04 | 000,002,045 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Eigene Programme\Adobe\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: BitTorrent (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Eigene Programme\ITunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Winamp Application Detector (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = D:\Eigene Programme\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Facemoods = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: Norton Identity Protection = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Google Mail = C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Eigene Programme\Java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Steam] D:\Eigene Programme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WallPaper] C:\Users\Eric\Desktop\SharePod DvD VideoSoft,TinyPic, utorrent\Wallpaper Changer\Wallpaper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Eigene Programme\ICQ 7\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Eigene Programme\ICQ 7\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1583628-38CC-487A-B511-DBC062E73743}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1583628-38CC-487A-B511-DBC062E73743}: NameServer = 208.67.220.220,208.67.222.222
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Eigene Programme\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{25d68706-73e7-11df-99a1-6cf049723034}\Shell - "" = AutoRun
O33 - MountPoints2\{25d68706-73e7-11df-99a1-6cf049723034}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{6d264023-3c23-11e0-9eb4-001f3f0d9d50}\Shell - "" = AutoRun
O33 - MountPoints2\{6d264023-3c23-11e0-9eb4-001f3f0d9d50}\Shell\AutoRun\command - "" = F:\RunGame.exe
O33 - MountPoints2\{6d264221-3c23-11e0-9eb4-001f3f0d9d50}\Shell - "" = AutoRun
O33 - MountPoints2\{6d264221-3c23-11e0-9eb4-001f3f0d9d50}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.01 21:36:35 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012.02.29 20:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.02.29 20:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.29 19:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2012.02.29 19:53:35 | 000,000,000 | ---D | C] -- C:\Windows\RegAce
[2012.02.29 19:30:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.29 19:29:27 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.02.29 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.02.29 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.28 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2012.02.28 21:10:34 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.28 21:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.28 21:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.28 21:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.19 15:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012.02.19 15:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012.02.18 10:27:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Not_Aion_Launcher
[2012.02.13 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\MW3 FoV Changer
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.01 21:36:37 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2012.03.01 21:32:22 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 21:32:22 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 21:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 21:24:42 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 17:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2145099637-878501299-835476887-1000UA.job
[2012.03.01 13:16:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2145099637-878501299-835476887-1000Core.job
[2012.02.28 21:19:34 | 001,963,526 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012.02.28 21:13:30 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.28 14:51:52 | 000,000,788 | ---- | M] () -- C:\Users\Eric\Documents\aionmemo_24613261.dat
[2012.02.20 18:21:01 | 001,498,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.20 18:21:01 | 000,654,108 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.20 18:21:01 | 000,615,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.20 18:21:01 | 000,129,980 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.20 18:21:01 | 000,106,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.17 14:24:45 | 000,002,404 | ---- | M] () -- C:\Users\Eric\Desktop\Google Chrome.lnk
[2012.02.16 08:55:06 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.12 22:09:52 | 000,001,460 | ---- | M] () -- C:\Users\Eric\.recently-used.xbel
[2012.02.11 17:42:30 | 000,002,529 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.02.11 17:41:38 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.023
[2012.02.10 14:23:12 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.02.10 14:23:12 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.02.10 14:23:12 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.02.04 16:45:20 | 000,283,003 | ---- | M] () -- C:\Users\Eric\Documents\ts3_clientui-win64-1327056547-2012-02-04 16_45_19.423806.dmp
 
========== Files Created - No Company Name ==========
 
[2012.02.28 21:10:35 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.12 22:09:52 | 000,001,460 | ---- | C] () -- C:\Users\Eric\.recently-used.xbel
[2012.02.04 16:45:19 | 000,283,003 | ---- | C] () -- C:\Users\Eric\Documents\ts3_clientui-win64-1327056547-2012-02-04 16_45_19.423806.dmp
[2011.09.21 16:37:05 | 000,056,871 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.05.30 20:04:49 | 000,007,602 | ---- | C] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011.01.26 15:53:39 | 000,001,473 | ---- | C] () -- C:\Users\Eric\AppData\Local\RecConfig.xml
[2010.09.05 15:27:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.28 00:39:37 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.28 00:39:33 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.15 16:42:55 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.08.15 16:42:54 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.07.09 20:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.15 23:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.06.09 17:50:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.09 17:40:15 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.06.09 17:11:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== LOP Check ==========
 
[2011.12.11 14:51:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft
[2010.12.17 12:11:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Canneverbe Limited
[2011.07.14 15:17:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.07.09 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command and Conquer 4
[2012.02.29 20:09:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Pro
[2010.09.19 20:46:01 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DeepBurner
[2011.10.04 12:13:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dropbox
[2012.01.17 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DVDVideoSoft
[2011.09.01 12:01:13 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.22 17:35:36 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FMZilla
[2010.08.22 18:44:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo
[2011.12.26 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\gtk-2.0
[2011.12.19 14:32:15 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ICQ
[2010.11.03 19:48:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient
[2011.02.18 22:36:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.02.18 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Meine Schlacht um Mittelerde 2 Dateien
[2012.02.13 14:36:59 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MW3 FoV Changer
[2011.10.18 14:32:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Neoretix
[2011.02.15 21:10:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Nokia
[2010.12.17 12:10:59 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenCandy
[2011.02.15 21:10:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PC Suite
[2011.03.11 23:13:40 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Publish Providers
[2010.09.12 14:03:58 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Screaming Bee
[2010.12.25 13:15:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SharePod
[2011.03.11 23:13:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Sony
[2011.10.18 01:44:09 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SplitMediaLabs
[2011.08.08 12:35:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Stardock
[2011.10.19 00:58:54 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\streamripper
[2011.07.22 20:49:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TeamViewer
[2011.11.21 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TS3Client
[2010.10.03 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TuneUp Software
[2012.02.29 20:09:30 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\uTorrent
[2011.10.16 20:07:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Winsplit Revolution
[2012.02.14 07:04:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.06.09 17:10:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.29 19:52:22 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW
[2011.12.16 09:57:47 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.09.29 17:21:22 | 000,000,000 | ---D | M] -- C:\CFLog
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.09 17:10:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.22 17:36:35 | 000,000,000 | ---D | M] -- C:\Download
[2011.12.22 17:37:07 | 000,000,000 | ---D | M] -- C:\downloads
[2010.10.03 19:18:57 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.09.16 14:40:58 | 000,000,000 | ---D | M] -- C:\Nexon
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.29 20:04:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.29 20:01:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.29 19:53:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.09 17:10:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.09 17:10:03 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.01 21:40:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.09 17:10:08 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.29 20:35:52 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.02.12 22:09:52 | 000,001,460 | ---- | M] () -- C:\Users\Eric\.recently-used.xbel
[2012.03.01 21:45:38 | 003,145,728 | ---- | M] () -- C:\Users\Eric\NTUSER.DAT
[2012.03.01 21:45:37 | 000,262,144 | -HS- | M] () -- C:\Users\Eric\ntuser.dat.LOG1
[2010.06.09 17:10:08 | 000,000,000 | -HS- | M] () -- C:\Users\Eric\ntuser.dat.LOG2
[2011.12.16 09:57:46 | 000,000,000 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT_tureg_new.LOG1
[2011.12.16 09:57:46 | 000,000,000 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT_tureg_new.LOG2
[2011.12.15 23:20:41 | 003,145,728 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT_tureg_old
[2010.06.09 17:14:40 | 000,065,536 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.06.09 17:14:40 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.09 17:14:40 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.12.16 14:26:26 | 000,065,536 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT{b39dc286-27c3-11e1-a4d1-806e6f6e6963}.TM.blf
[2011.12.16 14:26:26 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT{b39dc286-27c3-11e1-a4d1-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.12.16 14:26:26 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\NTUSER.DAT{b39dc286-27c3-11e1-a4d1-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.06.09 17:10:08 | 000,000,020 | -HS- | M] () -- C:\Users\Eric\ntuser.ini
[2010.06.09 22:15:50 | 000,010,240 | -HS- | M] () -- C:\Users\Eric\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
         
__________________

Alt 01.03.2012, 20:55   #4
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 01.03.2012 21:39:29 - Run 1
OTL by OldTimer - Version 3.2.34.0     Folder = C:\Users\Eric\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,13% Memory free
8,00 Gb Paging File | 6,58 Gb Available in Paging File | 82,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 103,80 Gb Free Space | 53,14% Space Free | Partition Type: NTFS
Drive D: | 736,20 Gb Total Space | 456,85 Gb Free Space | 62,06% Space Free | Partition Type: NTFS
 
Computer Name: NEMO | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Eigene Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Eigene Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Eigene Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Eigene Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Eigene Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Eigene Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Eigene Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Eigene Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Eigene Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Eigene Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Eigene Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Eigene Programme\Free Music Zilla\FMZilla.exe" = D:\Eigene Programme\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"D:\Eigene Programme\Free Music Zilla\FMZilla.exe" = D:\Eigene Programme\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.00
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs
"{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.0911.1  (x64)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1 
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{640E4D64-C12F-41C2-B1B6-5968D2463836}" = Xham downloader
"{6B1A1AD8-301F-46A8-9AB3-816AD02EE752}" = XSplit
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{BCD5E313-A159-4A37-8A6C-0A2BFC0DBF1B}" = MorphVOX Pro
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B09.0914.01
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"AVMWLANCLI" = AVM FRITZ!WLAN
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DivX Setup.divx.com" = DivX-Setup
"eLicenser Control" = eLicenser Control
"facemoods" = Facemoods Toolbar
"Fences" = Fences
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.718
"Free Music Zilla_is1" = Free Music Zilla
"Free Studio_is1" = Free Studio version 5.0.6
"Free Video Dub_is1" = Free Video Dub version 1.8.12.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.0911.1  (x64)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Streamripper" = Streamripper (Remove only)
"TeamViewer 6" = TeamViewer 6
"Tunatic" = Tunatic
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.2
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Guild Wars" = GUILD WARS
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NCsoft-AionEU" = Aion
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of Report >
         

Alt 02.03.2012, 12:17   #5
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



öffne Malwarebytes logdateien, poste bitte alle berichte

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.03.2012, 13:13   #6
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eric :: NEMO [Administrator]

Schutz: Aktiviert

02.03.2012 14:03:44
mbam-log-2012-03-02 (14-03-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193150
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 02.03.2012, 15:30   #7
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.03.2012, 15:46   #8
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



Code:
ATTFilter
16:44:24.0766 5164	TDSS rootkit removing tool 2.7.18.0 Mar  2 2012 09:40:07
16:44:25.0429 5164	============================================================
16:44:25.0429 5164	Current date / time: 2012/03/02 16:44:25.0429
16:44:25.0429 5164	SystemInfo:
16:44:25.0429 5164	
16:44:25.0429 5164	OS Version: 6.1.7601 ServicePack: 1.0
16:44:25.0429 5164	Product type: Workstation
16:44:25.0429 5164	ComputerName: NEMO
16:44:25.0429 5164	UserName: Eric
16:44:25.0429 5164	Windows directory: C:\Windows
16:44:25.0429 5164	System windows directory: C:\Windows
16:44:25.0429 5164	Running under WOW64
16:44:25.0429 5164	Processor architecture: Intel x64
16:44:25.0429 5164	Number of processors: 4
16:44:25.0429 5164	Page size: 0x1000
16:44:25.0429 5164	Boot type: Normal boot
16:44:25.0429 5164	============================================================
16:44:27.0798 5164	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:27.0814 5164	\Device\Harddisk0\DR0:
16:44:27.0814 5164	MBR used
16:44:27.0814 5164	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x186A0000
16:44:27.0814 5164	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x5C065800
16:44:27.0876 5164	Initialize success
16:44:27.0876 5164	============================================================
16:44:34.0609 0900	============================================================
16:44:34.0609 0900	Scan started
16:44:34.0609 0900	Mode: Manual; SigCheck; TDLFS; 
16:44:34.0609 0900	============================================================
16:44:36.0450 0900	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:44:36.0699 0900	1394ohci - ok
16:44:36.0715 0900	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:44:36.0746 0900	ACPI - ok
16:44:36.0762 0900	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:44:36.0887 0900	AcpiPmi - ok
16:44:36.0902 0900	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:44:36.0933 0900	adp94xx - ok
16:44:36.0949 0900	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:44:36.0965 0900	adpahci - ok
16:44:36.0980 0900	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:44:36.0996 0900	adpu320 - ok
16:44:37.0043 0900	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:44:37.0121 0900	AFD - ok
16:44:37.0152 0900	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:44:37.0183 0900	agp440 - ok
16:44:37.0230 0900	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:44:37.0261 0900	aliide - ok
16:44:37.0277 0900	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:44:37.0292 0900	amdide - ok
16:44:37.0308 0900	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:44:37.0370 0900	AmdK8 - ok
16:44:37.0682 0900	amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
16:44:37.0979 0900	amdkmdag - ok
16:44:38.0072 0900	amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:44:38.0150 0900	amdkmdap - ok
16:44:38.0166 0900	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:44:38.0228 0900	AmdPPM - ok
16:44:38.0259 0900	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:44:38.0291 0900	amdsata - ok
16:44:38.0322 0900	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:44:38.0337 0900	amdsbs - ok
16:44:38.0353 0900	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:44:38.0353 0900	amdxata - ok
16:44:38.0400 0900	AODDriver - ok
16:44:38.0462 0900	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:44:38.0618 0900	AppID - ok
16:44:38.0634 0900	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:44:38.0634 0900	arc - ok
16:44:38.0665 0900	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:44:38.0681 0900	arcsas - ok
16:44:38.0696 0900	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:44:38.0805 0900	AsyncMac - ok
16:44:38.0821 0900	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:44:38.0837 0900	atapi - ok
16:44:38.0930 0900	atidgllk - ok
16:44:39.0055 0900	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
16:44:39.0149 0900	avmeject - ok
16:44:39.0305 0900	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:44:39.0539 0900	b06bdrv - ok
16:44:39.0570 0900	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:44:39.0648 0900	b57nd60a - ok
16:44:39.0679 0900	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:44:39.0741 0900	Beep - ok
16:44:40.0163 0900	BHDrvx64        (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx64.sys
16:44:40.0256 0900	BHDrvx64 - ok
16:44:40.0272 0900	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:44:40.0287 0900	blbdrive - ok
16:44:40.0334 0900	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:44:40.0412 0900	bowser - ok
16:44:40.0428 0900	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:44:40.0475 0900	BrFiltLo - ok
16:44:40.0475 0900	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:44:40.0490 0900	BrFiltUp - ok
16:44:40.0506 0900	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:44:40.0537 0900	BridgeMP - ok
16:44:40.0553 0900	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:44:40.0584 0900	Brserid - ok
16:44:40.0584 0900	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:44:40.0599 0900	BrSerWdm - ok
16:44:40.0615 0900	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:44:40.0631 0900	BrUsbMdm - ok
16:44:40.0646 0900	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:44:40.0662 0900	BrUsbSer - ok
16:44:40.0662 0900	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:44:40.0677 0900	BTHMODEM - ok
16:44:40.0755 0900	ccSet_NIS       (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
16:44:40.0818 0900	ccSet_NIS - ok
16:44:40.0833 0900	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:44:40.0865 0900	cdfs - ok
16:44:40.0911 0900	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:44:41.0005 0900	cdrom - ok
16:44:41.0021 0900	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:44:41.0067 0900	circlass - ok
16:44:41.0099 0900	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:44:41.0114 0900	CLFS - ok
16:44:41.0130 0900	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:44:41.0145 0900	CmBatt - ok
16:44:41.0177 0900	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:44:41.0177 0900	cmdide - ok
16:44:41.0223 0900	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:44:41.0286 0900	CNG - ok
16:44:41.0301 0900	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:44:41.0317 0900	Compbatt - ok
16:44:41.0348 0900	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:44:41.0379 0900	CompositeBus - ok
16:44:41.0442 0900	cpuz130 - ok
16:44:41.0598 0900	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:44:41.0723 0900	crcdisk - ok
16:44:41.0769 0900	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:44:41.0863 0900	CSC - ok
16:44:41.0910 0900	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:44:41.0957 0900	DfsC - ok
16:44:41.0972 0900	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:44:42.0003 0900	discache - ok
16:44:42.0019 0900	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:44:42.0019 0900	Disk - ok
16:44:42.0050 0900	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:44:42.0113 0900	drmkaud - ok
16:44:42.0269 0900	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:44:42.0331 0900	DXGKrnl - ok
16:44:42.0331 0900	EagleX64 - ok
16:44:42.0643 0900	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:44:42.0768 0900	ebdrv - ok
16:44:43.0033 0900	eeCtrl          (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:44:43.0080 0900	eeCtrl - ok
16:44:43.0189 0900	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:44:43.0251 0900	elxstor - ok
16:44:43.0314 0900	EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:44:43.0361 0900	EraserUtilRebootDrv - ok
16:44:43.0392 0900	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:44:43.0423 0900	ErrDev - ok
16:44:43.0454 0900	etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
16:44:43.0454 0900	etdrv - ok
16:44:43.0501 0900	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:44:43.0563 0900	exfat - ok
16:44:43.0610 0900	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:44:43.0688 0900	fastfat - ok
16:44:43.0751 0900	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:44:43.0797 0900	fdc - ok
16:44:43.0844 0900	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:44:43.0875 0900	FileInfo - ok
16:44:43.0891 0900	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:44:43.0922 0900	Filetrace - ok
16:44:43.0938 0900	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:44:43.0953 0900	flpydisk - ok
16:44:44.0000 0900	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:44:44.0031 0900	FltMgr - ok
16:44:44.0047 0900	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:44:44.0063 0900	FsDepends - ok
16:44:44.0078 0900	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:44:44.0094 0900	Fs_Rec - ok
16:44:44.0109 0900	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:44:44.0156 0900	fvevol - ok
16:44:44.0187 0900	FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
16:44:44.0250 0900	FWLANUSB - ok
16:44:44.0265 0900	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:44:44.0281 0900	gagp30kx - ok
16:44:44.0297 0900	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
16:44:44.0312 0900	gdrv - ok
16:44:44.0343 0900	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:44:44.0375 0900	GEARAspiWDM - ok
16:44:44.0406 0900	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
16:44:44.0406 0900	GVTDrv64 - ok
16:44:44.0437 0900	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
16:44:44.0468 0900	hamachi - ok
16:44:44.0499 0900	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:44:44.0624 0900	hcw85cir - ok
16:44:44.0655 0900	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:44:44.0733 0900	HdAudAddService - ok
16:44:44.0749 0900	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:44:44.0796 0900	HDAudBus - ok
16:44:44.0811 0900	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:44:44.0827 0900	HidBatt - ok
16:44:44.0858 0900	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:44:44.0889 0900	HidBth - ok
16:44:44.0889 0900	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:44:44.0921 0900	HidIr - ok
16:44:44.0952 0900	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:44:44.0999 0900	HidUsb - ok
16:44:45.0014 0900	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:44:45.0030 0900	HpSAMD - ok
16:44:45.0092 0900	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:44:45.0170 0900	HTTP - ok
16:44:45.0201 0900	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:44:45.0233 0900	hwpolicy - ok
16:44:45.0248 0900	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:44:45.0295 0900	i8042prt - ok
16:44:45.0311 0900	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:44:45.0326 0900	iaStorV - ok
16:44:45.0732 0900	IDSVia64        (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120301.002\IDSvia64.sys
16:44:45.0810 0900	IDSVia64 - ok
16:44:46.0028 0900	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:44:46.0075 0900	iirsp - ok
16:44:46.0325 0900	IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
16:44:46.0418 0900	IntcAzAudAddService - ok
16:44:46.0449 0900	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:44:46.0481 0900	intelide - ok
16:44:46.0512 0900	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:44:46.0543 0900	intelppm - ok
16:44:46.0574 0900	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:44:46.0652 0900	IpFilterDriver - ok
16:44:46.0683 0900	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:44:46.0777 0900	IPMIDRV - ok
16:44:46.0871 0900	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:44:46.0964 0900	IPNAT - ok
16:44:46.0995 0900	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:44:47.0089 0900	IRENUM - ok
16:44:47.0105 0900	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:44:47.0120 0900	isapnp - ok
16:44:47.0136 0900	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:44:47.0151 0900	iScsiPrt - ok
16:44:47.0167 0900	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:44:47.0183 0900	kbdclass - ok
16:44:47.0214 0900	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:44:47.0245 0900	kbdhid - ok
16:44:47.0261 0900	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:44:47.0292 0900	KSecDD - ok
16:44:47.0307 0900	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:44:47.0323 0900	KSecPkg - ok
16:44:47.0323 0900	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:44:47.0370 0900	ksthunk - ok
16:44:47.0385 0900	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
16:44:47.0401 0900	LGBusEnum - ok
16:44:47.0432 0900	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
16:44:47.0448 0900	LGVirHid - ok
16:44:47.0463 0900	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:44:47.0526 0900	lltdio - ok
16:44:47.0541 0900	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:44:47.0557 0900	LSI_FC - ok
16:44:47.0557 0900	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:44:47.0573 0900	LSI_SAS - ok
16:44:47.0588 0900	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:44:47.0604 0900	LSI_SAS2 - ok
16:44:47.0619 0900	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:44:47.0619 0900	LSI_SCSI - ok
16:44:47.0635 0900	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:44:47.0666 0900	luafv - ok
16:44:47.0729 0900	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:44:47.0760 0900	MBAMProtector - ok
16:44:47.0807 0900	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:44:47.0838 0900	megasas - ok
16:44:47.0869 0900	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:44:47.0885 0900	MegaSR - ok
16:44:47.0916 0900	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:44:47.0978 0900	Modem - ok
16:44:47.0994 0900	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:44:48.0056 0900	monitor - ok
16:44:48.0087 0900	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:44:48.0103 0900	mouclass - ok
16:44:48.0103 0900	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:44:48.0119 0900	mouhid - ok
16:44:48.0150 0900	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:44:48.0165 0900	mountmgr - ok
16:44:48.0181 0900	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:44:48.0197 0900	mpio - ok
16:44:48.0212 0900	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:44:48.0306 0900	mpsdrv - ok
16:44:48.0337 0900	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:44:48.0415 0900	MRxDAV - ok
16:44:48.0431 0900	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:44:48.0509 0900	mrxsmb - ok
16:44:48.0524 0900	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:44:48.0555 0900	mrxsmb10 - ok
16:44:48.0571 0900	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:44:48.0602 0900	mrxsmb20 - ok
16:44:48.0618 0900	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:44:48.0633 0900	msahci - ok
16:44:48.0649 0900	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:44:48.0665 0900	msdsm - ok
16:44:48.0711 0900	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:44:48.0743 0900	Msfs - ok
16:44:48.0758 0900	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:44:48.0789 0900	mshidkmdf - ok
16:44:48.0789 0900	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:44:48.0805 0900	msisadrv - ok
16:44:48.0821 0900	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:44:48.0867 0900	MSKSSRV - ok
16:44:48.0899 0900	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:44:48.0945 0900	MSPCLOCK - ok
16:44:48.0945 0900	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:44:48.0992 0900	MSPQM - ok
16:44:49.0023 0900	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:44:49.0070 0900	MsRPC - ok
16:44:49.0086 0900	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:44:49.0117 0900	mssmbios - ok
16:44:49.0133 0900	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:44:49.0164 0900	MSTEE - ok
16:44:49.0164 0900	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:44:49.0179 0900	MTConfig - ok
16:44:49.0195 0900	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:44:49.0211 0900	Mup - ok
16:44:49.0226 0900	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:44:49.0257 0900	NativeWifiP - ok
16:44:49.0523 0900	NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120301.033\ENG64.SYS
16:44:49.0554 0900	NAVENG - ok
16:44:49.0663 0900	NAVEX15         (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120301.033\EX64.SYS
16:44:49.0757 0900	NAVEX15 - ok
16:44:49.0803 0900	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:44:49.0850 0900	NDIS - ok
16:44:49.0866 0900	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:44:49.0897 0900	NdisCap - ok
16:44:49.0913 0900	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:44:49.0944 0900	NdisTapi - ok
16:44:49.0959 0900	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:44:50.0053 0900	Ndisuio - ok
16:44:50.0100 0900	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:44:50.0193 0900	NdisWan - ok
16:44:50.0209 0900	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:44:50.0240 0900	NDProxy - ok
16:44:50.0256 0900	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:44:50.0303 0900	NetBIOS - ok
16:44:50.0349 0900	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:44:50.0412 0900	NetBT - ok
16:44:50.0427 0900	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:44:50.0443 0900	nfrd960 - ok
16:44:50.0490 0900	nmwcd           (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
16:44:50.0568 0900	nmwcd - ok
16:44:50.0646 0900	nmwcdc          (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys
16:44:50.0693 0900	nmwcdc - ok
16:44:50.0724 0900	npf             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
16:44:50.0755 0900	npf - ok
16:44:50.0786 0900	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:44:50.0833 0900	Npfs - ok
16:44:50.0849 0900	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:44:50.0880 0900	nsiproxy - ok
16:44:50.0958 0900	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:44:51.0051 0900	Ntfs - ok
16:44:51.0129 0900	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:44:51.0223 0900	Null - ok
16:44:51.0239 0900	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:44:51.0254 0900	nvraid - ok
16:44:51.0270 0900	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:44:51.0285 0900	nvstor - ok
16:44:51.0317 0900	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:44:51.0317 0900	nv_agp - ok
16:44:51.0348 0900	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:44:51.0379 0900	ohci1394 - ok
16:44:51.0410 0900	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:44:51.0426 0900	Parport - ok
16:44:51.0441 0900	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:44:51.0457 0900	partmgr - ok
16:44:51.0488 0900	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
16:44:51.0535 0900	pccsmcfd - ok
16:44:51.0582 0900	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:44:51.0613 0900	pci - ok
16:44:51.0629 0900	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:44:51.0644 0900	pciide - ok
16:44:51.0660 0900	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:44:51.0675 0900	pcmcia - ok
16:44:51.0691 0900	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:44:51.0707 0900	pcw - ok
16:44:51.0738 0900	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:44:51.0785 0900	PEAUTH - ok
16:44:51.0831 0900	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:44:51.0909 0900	PptpMiniport - ok
16:44:51.0909 0900	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:44:51.0925 0900	Processor - ok
16:44:51.0956 0900	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:44:52.0034 0900	Psched - ok
16:44:52.0253 0900	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:44:52.0299 0900	ql2300 - ok
16:44:52.0331 0900	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:44:52.0331 0900	ql40xx - ok
16:44:52.0362 0900	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:44:52.0377 0900	QWAVEdrv - ok
16:44:52.0393 0900	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:44:52.0424 0900	RasAcd - ok
16:44:52.0440 0900	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:44:52.0502 0900	RasAgileVpn - ok
16:44:52.0533 0900	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:44:52.0596 0900	Rasl2tp - ok
16:44:52.0611 0900	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:44:52.0643 0900	RasPppoe - ok
16:44:52.0658 0900	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:44:52.0689 0900	RasSstp - ok
16:44:52.0752 0900	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:44:52.0814 0900	rdbss - ok
16:44:52.0845 0900	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:44:52.0892 0900	rdpbus - ok
16:44:52.0939 0900	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:44:52.0970 0900	RDPCDD - ok
16:44:52.0986 0900	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:44:53.0064 0900	RDPDR - ok
16:44:53.0079 0900	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:44:53.0126 0900	RDPENCDD - ok
16:44:53.0157 0900	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:44:53.0189 0900	RDPREFMP - ok
16:44:53.0220 0900	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:44:53.0313 0900	RDPWD - ok
16:44:53.0345 0900	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:44:53.0391 0900	rdyboost - ok
16:44:53.0423 0900	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:44:53.0469 0900	rspndr - ok
16:44:53.0516 0900	RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
16:44:53.0610 0900	RTHDMIAzAudService - ok
16:44:53.0672 0900	RTL8167         (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:44:53.0766 0900	RTL8167 - ok
16:44:53.0813 0900	RtNdPt60        (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
16:44:53.0859 0900	RtNdPt60 - ok
16:44:53.0891 0900	RTTEAMPT        (3fb2fd668fa4cd4aed1953f85f916cf1) C:\Windows\system32\DRIVERS\RtTeam60.sys
16:44:53.0937 0900	RTTEAMPT - ok
16:44:53.0953 0900	RTVLANPT        (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
16:44:53.0969 0900	RTVLANPT - ok
16:44:54.0000 0900	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:44:54.0031 0900	s3cap - ok
16:44:54.0078 0900	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:44:54.0109 0900	sbp2port - ok
16:44:54.0140 0900	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:44:54.0187 0900	scfilter - ok
16:44:54.0234 0900	ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
16:44:54.0265 0900	ScreamBAudioSvc - ok
16:44:54.0327 0900	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:44:54.0405 0900	secdrv - ok
16:44:54.0499 0900	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:44:54.0530 0900	Serenum - ok
16:44:54.0561 0900	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:44:54.0577 0900	Serial - ok
16:44:54.0608 0900	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:44:54.0624 0900	sermouse - ok
16:44:54.0671 0900	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:44:54.0764 0900	sffdisk - ok
16:44:54.0780 0900	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:44:54.0795 0900	sffp_mmc - ok
16:44:54.0795 0900	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:44:54.0827 0900	sffp_sd - ok
16:44:54.0858 0900	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:44:54.0873 0900	sfloppy - ok
16:44:54.0905 0900	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:44:54.0905 0900	SiSRaid2 - ok
16:44:54.0920 0900	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:44:54.0920 0900	SiSRaid4 - ok
16:44:54.0936 0900	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:44:54.0967 0900	Smb - ok
16:44:54.0983 0900	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:44:54.0998 0900	spldr - ok
16:44:55.0076 0900	SRTSP           (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
16:44:55.0139 0900	SRTSP - ok
16:44:55.0154 0900	SRTSPX          (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
16:44:55.0154 0900	SRTSPX - ok
16:44:55.0185 0900	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:44:55.0248 0900	srv - ok
16:44:55.0263 0900	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:44:55.0310 0900	srv2 - ok
16:44:55.0326 0900	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:44:55.0357 0900	srvnet - ok
16:44:55.0404 0900	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:44:55.0404 0900	stexstor - ok
16:44:55.0451 0900	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:44:55.0482 0900	storflt - ok
16:44:55.0529 0900	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:44:55.0544 0900	storvsc - ok
16:44:55.0575 0900	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:44:55.0591 0900	swenum - ok
16:44:55.0685 0900	SymDS           (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
16:44:55.0732 0900	SymDS - ok
16:44:55.0778 0900	SymEFA          (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
16:44:55.0810 0900	SymEFA - ok
16:44:55.0841 0900	SymEvent        (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:44:55.0872 0900	SymEvent - ok
16:44:55.0903 0900	SymIRON         (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
16:44:55.0919 0900	SymIRON - ok
16:44:55.0934 0900	SymNetS         (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
16:44:55.0966 0900	SymNetS - ok
16:44:56.0012 0900	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:44:56.0059 0900	Tcpip - ok
16:44:56.0106 0900	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:44:56.0122 0900	TCPIP6 - ok
16:44:56.0153 0900	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:44:56.0184 0900	tcpipreg - ok
16:44:56.0246 0900	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:44:56.0324 0900	TDPIPE - ok
16:44:56.0324 0900	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:44:56.0356 0900	TDTCP - ok
16:44:56.0402 0900	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:44:56.0496 0900	tdx - ok
16:44:56.0527 0900	TEAM            (3fb2fd668fa4cd4aed1953f85f916cf1) C:\Windows\system32\DRIVERS\RtTeam60.sys
16:44:56.0527 0900	TEAM - ok
16:44:56.0558 0900	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:44:56.0574 0900	TermDD - ok
16:44:56.0652 0900	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:44:56.0714 0900	tssecsrv - ok
16:44:56.0730 0900	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:44:56.0808 0900	TsUsbFlt - ok
16:44:56.0870 0900	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
16:44:56.0902 0900	TuneUpUtilitiesDrv - ok
16:44:56.0948 0900	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:44:57.0011 0900	tunnel - ok
16:44:57.0042 0900	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:44:57.0058 0900	uagp35 - ok
16:44:57.0104 0900	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:44:57.0151 0900	udfs - ok
16:44:57.0245 0900	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:44:57.0276 0900	uliagpkx - ok
16:44:57.0323 0900	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:44:57.0370 0900	umbus - ok
16:44:57.0416 0900	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:44:57.0432 0900	UmPass - ok
16:44:57.0463 0900	upperdev        (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:44:57.0526 0900	upperdev - ok
16:44:57.0572 0900	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:44:57.0635 0900	USBAAPL64 - ok
16:44:57.0682 0900	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:44:57.0744 0900	usbccgp - ok
16:44:57.0791 0900	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:44:57.0822 0900	usbcir - ok
16:44:57.0853 0900	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:44:57.0884 0900	usbehci - ok
16:44:57.0900 0900	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:44:57.0931 0900	usbhub - ok
16:44:57.0947 0900	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:44:57.0962 0900	usbohci - ok
16:44:57.0994 0900	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:44:58.0009 0900	usbprint - ok
16:44:58.0025 0900	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
16:44:58.0040 0900	usbser - ok
16:44:58.0072 0900	UsbserFilt      (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:44:58.0103 0900	UsbserFilt - ok
16:44:58.0103 0900	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:44:58.0150 0900	USBSTOR - ok
16:44:58.0181 0900	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:44:58.0212 0900	usbuhci - ok
16:44:58.0243 0900	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:44:58.0306 0900	usb_rndisx - ok
16:44:58.0368 0900	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:44:58.0415 0900	vdrvroot - ok
16:44:58.0446 0900	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:44:58.0493 0900	vga - ok
16:44:58.0508 0900	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:44:58.0540 0900	VgaSave - ok
16:44:58.0571 0900	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:44:58.0602 0900	vhdmp - ok
16:44:58.0664 0900	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:44:58.0696 0900	viaide - ok
16:44:58.0727 0900	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:44:58.0742 0900	vmbus - ok
16:44:58.0758 0900	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:44:58.0774 0900	VMBusHID - ok
16:44:58.0805 0900	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:44:58.0820 0900	volmgr - ok
16:44:58.0852 0900	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:44:58.0883 0900	volmgrx - ok
16:44:58.0898 0900	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:44:58.0914 0900	volsnap - ok
16:44:58.0961 0900	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:44:58.0976 0900	vsmraid - ok
16:44:58.0992 0900	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:44:59.0023 0900	vwifibus - ok
16:44:59.0039 0900	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:44:59.0086 0900	WacomPen - ok
16:44:59.0117 0900	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:44:59.0148 0900	WANARP - ok
16:44:59.0164 0900	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:44:59.0179 0900	Wanarpv6 - ok
16:44:59.0210 0900	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:44:59.0210 0900	Wd - ok
16:44:59.0242 0900	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:44:59.0257 0900	Wdf01000 - ok
16:44:59.0288 0900	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:44:59.0320 0900	WfpLwf - ok
16:44:59.0320 0900	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:44:59.0335 0900	WIMMount - ok
16:44:59.0382 0900	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:44:59.0413 0900	WinUsb - ok
16:44:59.0444 0900	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:44:59.0460 0900	WmiAcpi - ok
16:44:59.0491 0900	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:44:59.0507 0900	ws2ifsl - ok
16:44:59.0554 0900	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:44:59.0616 0900	WudfPf - ok
16:44:59.0632 0900	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:59.0663 0900	WUDFRd - ok
16:44:59.0710 0900	X6va002 - ok
16:44:59.0725 0900	X6va003 - ok
16:44:59.0772 0900	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:45:00.0084 0900	\Device\Harddisk0\DR0 - ok
16:45:00.0100 0900	Boot (0x1200)   (333121570035bed79b7798c701b038ab) \Device\Harddisk0\DR0\Partition0
16:45:00.0100 0900	\Device\Harddisk0\DR0\Partition0 - ok
16:45:00.0115 0900	Boot (0x1200)   (286f37195d8afe39fa2acd7eb3b3658d) \Device\Harddisk0\DR0\Partition1
16:45:00.0131 0900	\Device\Harddisk0\DR0\Partition1 - ok
16:45:00.0131 0900	============================================================
16:45:00.0131 0900	Scan finished
16:45:00.0131 0900	============================================================
16:45:00.0224 6096	Detected object count: 0
16:45:00.0224 6096	Actual detected object count: 0
         

Alt 02.03.2012, 15:59   #9
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



wird noch umgeleitet?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.03.2012, 22:03   #10
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



1. Sorry für die späte Meldung - war nicht Zuhause.

Und ja wird noch umgeleitet.

Alt 03.03.2012, 11:14   #11
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2012, 14:09   #12
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Eric
->Flash cache emptied: 3360 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Eric
->Temp folder emptied: 172984288 bytes
->Temporary Internet Files folder emptied: 7452632 bytes
->FireFox cache emptied: 1143585363 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70272 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.269,00 mb
 
 
OTL by OldTimer - Version 3.2.34.0 log created on 03032012_150133

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 03.03.2012, 14:46   #13
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



gibt es bestimmte seiten zu denen weiter geleitet wird?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.03.2012, 15:53   #14
Sh0xter
 
Google redirect Virus. - Standard

Google redirect Virus.



http ://www.google .de /webhp?
Und dann je nach Eingabe halt die Endung.
Also immer auf die personifizierte Googleseite und nichts anderes.

Alt 03.03.2012, 16:03   #15
markusg
/// Malware-holic
 
Google redirect Virus. - Standard

Google redirect Virus.



kannst du mal den firefox de und reinstalieren?
http://www.hijackthis-forum.de/tipps...installer.html
deinstalieren mit revo
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Google redirect Virus.
chrome, community, direkt, firefox, google, google redirect, google redirect virus, liebe, problem, redirect, suchergebnis, tagen, virus, windows, windows 7



Ähnliche Themen: Google redirect Virus.


  1. google redirect virus
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (26)
  2. Google Redirect Virus (?)
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (11)
  3. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (18)
  4. Google Redirect-Virus
    Log-Analyse und Auswertung - 02.11.2012 (3)
  5. Google Redirect Virus
    Log-Analyse und Auswertung - 31.10.2012 (49)
  6. Google redirect Virus
    Log-Analyse und Auswertung - 01.10.2012 (11)
  7. google redirect virus
    Log-Analyse und Auswertung - 11.09.2012 (9)
  8. Google Redirect Virus bzw. Google Hijack + PC Langsam
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (2)
  9. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (44)
  10. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (21)
  11. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (9)
  12. Google redirect virus
    Plagegeister aller Art und deren Bekämpfung - 21.04.2012 (20)
  13. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (29)
  14. Google Redirect Virus
    Log-Analyse und Auswertung - 04.04.2012 (1)
  15. google redirect virus
    Log-Analyse und Auswertung - 09.07.2011 (7)
  16. Google Redirect Virus was nun ?
    Plagegeister aller Art und deren Bekämpfung - 21.06.2011 (3)
  17. Google Redirect Virus
    Log-Analyse und Auswertung - 17.06.2011 (6)

Zum Thema Google redirect Virus. - Hallo liebe Community, Ich habe seit 1 -2 Tagen das Problem das Google mich direkt an "meine" Google-Seite weiterleitet wenn ich ein Suchergebnis anklicke. Bitte um Hilfe Browser: Nur bei - Google redirect Virus....
Archiv
Du betrachtest: Google redirect Virus. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.