Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Searchcompletion hat Firefoxsuche übernommen

Searchcompletion hat Firefoxsuche übernommen


Log-Analyse und Auswertung: Searchcompletion hat Firefoxsuche übernommen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 3 1 23
Alt 25.02.2012, 22:24   #1
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Hallo,

ich habe ein ähnliches Problem wie in diesem Thread hier beschrieben:

http://www.trojaner-board.de/103772-...bernommen.html

D.h. die Suche über die Adressleiste von Firefox führt immer auf die searchcompletion.com Website. Den entsprechenden Wert in about:config habe ich bereits verändert, hilft nichts.
Da ich davon ausgehe, dass mein System irgendwie verunreinigt ist, erhoffe ich mir Hilfe anhand meiner Logdateien.

Grundsätzlich halte ich das System immer mit Secunia PSI auf dem neusten Stand.

Bisher ist der ESET Online Scan durchgelaufen, hat eine Datei gefunden (ein one-click-root Programm für ein Android Handy...). Ich hab allerdings die Archive nicht mitgescannt... nochmal machen?
Der Vollscan mit Malwarebytes läuft gerade, hänge ich dann an, wenn fertig.

Was sollte ich sonst noch durchführen?

Edit: Malwarebytes ist fertig und ich habe die Logdatei angehangen.

Alt 26.02.2012, 17:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 26.02.2012, 19:45   #3
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Der Vollständigkeithalber:
Ich hab auch Defogger, DDS und GMER laufen lassen (siehe unten).

OTL Skript für ich jetzt aus...
__________________
Alt 26.02.2012, 20:23   #4
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


OTL:

Code:
ATTFilter
OTL logfile created on: 26.02.2012 19:47:27 - Run 4
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Thomas\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 56,92% Memory free
5,86 Gb Paging File | 4,26 Gb Available in Paging File | 72,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179,49 Gb Total Space | 8,90 Gb Free Space | 4,96% Space Free | Partition Type: NTFS
Drive G: | 149,01 Gb Total Space | 10,05 Gb Free Space | 6,74% Space Free | Partition Type: FAT32
 
Computer Name: THOMAS-SONY | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Miranda IM\miranda32.exe ( )
PRC - C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Programme\Gizmo\gizmo.exe (Arainia Solutions)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\AutoHotkey\AutoHotkey.exe ()
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\8b0dc9405f292a93ddd52eb76bb88169\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d939fca96c3645bb8806ea8ae43cc0ca\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bc96c5c6e644452270ff7c3d066ff713\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\281b67b96a2dd473dad4d222da0ca514\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b74950292d5681795d9d2c1a72a79952\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Miranda IM\zlib.dll ()
MOD - C:\Programme\Miranda IM\Plugins\ICQ.dll ()
MOD - C:\Programme\Miranda IM\Plugins\dbx_mmap.dll ()
MOD - C:\Programme\Gizmo\ghash.dll ()
MOD - C:\Programme\Gizmo\gscript.dll ()
MOD - C:\Programme\Gizmo\gdatabase.dll ()
MOD - C:\Programme\Gizmo\gdrive.dll ()
MOD - C:\Programme\Gizmo\geditor.dll ()
MOD - C:\Programme\Gizmo\gshell.dll ()
MOD - C:\Programme\Gizmo\gmanager.dll ()
MOD - C:\Programme\Gizmo\gimage.dll ()
MOD - C:\Programme\Miranda IM\Plugins\StartupStatus.dll ()
MOD - C:\Programme\Miranda IM\Plugins\Variables.dll ()
MOD - C:\Programme\Miranda IM\Plugins\updater.dll ()
MOD - C:\Programme\AutoHotkey\AutoHotkey.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Programme\Miranda IM\Plugins\folders.dll ()
MOD - C:\Programme\Miranda IM\Plugins\Fingerprint.dll ()
MOD - C:\Programme\Miranda IM\Plugins\MenuEx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Miranda IM\Plugins\svc_dbepp.dll ()
MOD - C:\Programme\Miranda IM\Plugins\nickhistoryW.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Gizmo Central) -- C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (GizmoDrv) -- C:\Windows\System32\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (connctfyMP) -- C:\Windows\System32\drivers\connctfy.sys (Connectify)
DRV - (connctfy) -- C:\Windows\System32\drivers\connctfy.sys (Connectify)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (shpf) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SPI) -- C:\Windows\System32\drivers\SonyPI.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1&cf=e3e18afd-1547-11e1-8b2f-001a80d84059"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Thomas\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomas\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.15 18:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.21 22:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.15 18:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.10 11:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.15 18:21:09 | 000,000,000 | ---D | M]
 
[2010.02.22 17:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2010.02.22 17:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.25 17:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yy3dg203.default\extensions
[2010.05.02 14:31:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yy3dg203.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.22 21:25:12 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yy3dg203.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2010.05.22 09:12:47 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yy3dg203.default\extensions\bettergmail2@ginatrapani.org
[2010.03.09 20:55:45 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yy3dg203.default\extensions\firefox@tvunetworks.com
[2012.02.03 20:00:51 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yy3dg203.default\extensions\twitternotifier@naan.net
[2010.04.07 15:06:37 | 000,001,820 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\bing.xml
[2010.04.07 15:05:59 | 000,002,045 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\ebook-.xml
[2010.04.07 15:06:27 | 000,001,251 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\filmkritiker.xml
[2010.04.07 15:06:53 | 000,001,504 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\imdb.xml
[2010.04.07 15:06:05 | 000,001,115 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\rapidshare-filefinder.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\startsear.xml
[2010.04.07 15:06:17 | 000,001,050 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\torrentfinder.xml
[2010.04.07 15:05:42 | 000,002,275 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\wolframalpha.xml
[2010.04.07 15:06:49 | 000,004,140 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\searchplugins\youtube.xml
[2012.02.22 19:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.22 19:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.22 19:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.15 18:20:40 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY3DG203.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY3DG203.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY3DG203.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY3DG203.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY3DG203.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
() (No name found) -- C:\USERS\THOMAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YY3DG203.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI
[2012.02.21 22:09:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.03 14:59:52 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.07 07:00:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.10.07 07:00:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.07 07:00:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.10.07 07:00:35 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.10.07 07:00:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Thomas\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Text & Tabellen = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.3_0\
CHR - Extension: Turn Off the Lights = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.53_0\
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Kalender = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Silver Bird = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.4_0\
CHR - Extension: DropBox = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\flogpfmjdekjoilcnmmchanikomlidie\1.2.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: vshare plugin = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Smooth Gestures = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
CHR - Extension: Google Maps = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: Google Mail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2010.08.07 14:28:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.ahk.lnk = C:\Users\Thomas\Documents\sound.ahk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E745DF03-C086-4DDF-A0AF-A346E527586F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img6 Wallpaper 1366x768.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img6 Wallpaper 1366x768.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: {3BDC22CA-F1E2-47F9-BD4B0368F8B265BB} -  File not found
 
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sr.sys - FSFilter System Recovery
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ip6fw.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sr.sys - FSFilter System Recovery
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.26 19:45:19 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.02.26 09:57:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Thomas\Desktop\dds.scr
[2012.02.26 09:56:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Thomas\Desktop\dds.com
[2012.02.21 22:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.02.15 18:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.02.03 22:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.03 22:32:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.02.03 22:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.26 19:51:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 19:45:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.02.26 19:43:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-830961823-3395450180-1696562346-1003UA.job
[2012.02.26 19:43:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 19:43:05 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-830961823-3395450180-1696562346-1003Core.job
[2012.02.26 19:42:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 17:02:59 | 000,000,600 | ---- | M] () -- C:\Users\Thomas\AppData\Local\PUTTY.RND
[2012.02.26 10:02:11 | 000,009,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 10:02:11 | 000,009,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 10:00:27 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.26 10:00:27 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.26 10:00:27 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.26 10:00:27 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.26 09:59:04 | 000,302,592 | ---- | M] () -- C:\Users\Thomas\Desktop\sl6v5cvg.exe
[2012.02.26 09:57:42 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Thomas\Desktop\dds.scr
[2012.02.26 09:56:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Thomas\Desktop\dds.com
[2012.02.26 09:53:51 | 2361,569,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.26 09:51:14 | 000,000,000 | ---- | M] () -- C:\Users\Thomas\defogger_reenable
[2012.02.26 09:50:19 | 000,050,477 | ---- | M] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2012.02.25 17:49:35 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.02.25 17:13:08 | 000,000,535 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.02.25 16:59:19 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.25 08:50:32 | 000,000,497 | ---- | M] () -- C:\Users\Thomas\.Xauthority
[2012.02.21 22:08:41 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.19 20:39:09 | 000,001,053 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.18 09:57:57 | 000,002,405 | ---- | M] () -- C:\Users\Thomas\Desktop\Google Chrome.lnk
[2012.02.16 14:46:26 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.16 14:46:00 | 000,435,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 18:21:00 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.02.15 18:19:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.02.03 22:32:31 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.26 09:59:00 | 000,302,592 | ---- | C] () -- C:\Users\Thomas\Desktop\sl6v5cvg.exe
[2012.02.26 09:51:14 | 000,000,000 | ---- | C] () -- C:\Users\Thomas\defogger_reenable
[2012.02.26 09:50:18 | 000,050,477 | ---- | C] () -- C:\Users\Thomas\Desktop\Defogger.exe
[2012.02.25 17:49:35 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.02.25 16:59:19 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.21 22:08:41 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.15 18:21:00 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.11.29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.03.10 18:14:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.28 14:37:49 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.28 14:37:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.09 20:00:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.09 20:00:17 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.03 20:41:17 | 000,017,408 | ---- | C] () -- C:\Users\Thomas\AppData\Local\WebpageIcons.db
[2010.09.27 11:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.08.07 14:07:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.07 14:07:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.07 14:07:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.06 16:23:59 | 000,080,384 | ---- | C] () -- C:\Windows\System32\MBRCheck.exe
[2010.08.04 21:50:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.04 21:50:43 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.17 19:51:26 | 000,017,920 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 20:12:41 | 000,000,054 | ---- | C] () -- C:\Windows\wininit.ini
[2010.04.03 08:44:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.04.02 20:44:40 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.04.02 20:44:40 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.04.02 20:44:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.04.02 20:44:40 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
 
========== LOP Check ==========
 
[2009.11.14 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Azureus
[2009.11.14 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canneverbe_Limited
[2011.11.27 09:37:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DC++
[2012.02.26 09:55:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2011.03.19 11:58:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011.08.03 16:02:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2011.11.26 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Gizmo
[2010.09.23 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\iLove User Data
[2011.07.31 20:48:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Imaxel
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InterVideo
[2011.12.27 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IrfanView
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LucasArts
[2010.09.10 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Miranda
[2011.08.28 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mp3tag
[2012.02.22 18:39:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MusicBee
[2011.06.19 15:13:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nokia
[2010.05.09 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nokia Ovi Suite
[2010.08.17 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2009.11.14 15:17:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Opera
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PC Suite
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PPMate
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ppStream
[2010.07.14 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Qofib
[2012.01.12 16:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2011.07.28 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Simfy
[2010.05.09 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\StreamTorrent
[2009.11.14 15:17:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Subversion
[2010.02.22 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2012.02.25 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\uTorrent
[2011.11.22 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\VshareComplete
[2011.06.21 20:59:35 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.28 19:33:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Adobe
[2011.10.27 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Apple Computer
[2011.10.14 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Avira
[2009.11.14 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Azureus
[2009.11.14 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canneverbe_Limited
[2011.11.27 09:37:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DC++
[2012.02.26 09:55:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2010.08.01 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\dvdcss
[2011.03.19 11:58:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\elsterformular
[2011.08.03 16:02:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Foxit Software
[2011.11.26 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Gizmo
[2009.11.14 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Google
[2009.11.14 15:16:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Identities
[2010.09.23 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\iLove User Data
[2011.07.31 20:48:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Imaxel
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InstallShield
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Intel
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InterVideo
[2011.12.27 13:55:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IrfanView
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LucasArts
[2009.11.14 15:16:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Macromedia
[2010.08.04 21:56:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Media Center Programs
[2012.01.20 16:58:41 | 000,000,000 | --SD | M] -- C:\Users\Thomas\AppData\Roaming\Microsoft
[2011.01.15 14:46:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MiKTeX
[2010.09.10 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Miranda
[2009.11.14 15:17:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mozilla
[2011.08.28 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mp3tag
[2012.02.22 18:39:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MusicBee
[2011.06.19 15:13:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nokia
[2010.05.09 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nokia Ovi Suite
[2010.08.17 17:38:38 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2009.11.14 15:17:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Opera
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PC Suite
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PPMate
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ppStream
[2010.07.14 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Qofib
[2011.12.10 11:27:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Real
[2009.11.14 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Roxio
[2012.01.12 16:58:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Samsung
[2009.11.14 15:17:14 | 000,000,000 | RH-D | M] -- C:\Users\Thomas\AppData\Roaming\SecuROM
[2011.07.28 19:33:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Simfy
[2012.02.16 14:51:14 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Skype
[2009.12.29 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\skypePM
[2010.04.20 21:05:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Sony Corporation
[2009.11.14 15:17:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SopCast
[2010.05.09 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\StreamTorrent
[2009.11.14 15:17:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Subversion
[2010.08.05 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SUPERAntiSpyware.com
[2010.02.22 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird
[2011.06.18 18:12:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TortoiseSVN
[2010.03.09 20:55:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TVU networks
[2012.02.25 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\uTorrent
[2012.02.25 12:41:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\vlc
[2011.11.22 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\VshareComplete
[2010.09.03 15:25:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Winamp
[2008.11.09 14:01:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.17 01:23:00 | 026,530,760 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.17 01:23:04 | 000,871,664 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe
[2012.02.17 01:23:34 | 000,174,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.12.27 13:44:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Thomas\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.05.01 01:22:40 | 079,929,616 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2010.12.08 18:09:56 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Thomas\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.12.04 18:47:39 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Thomas\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe
[2010.03.09 20:55:38 | 005,514,304 | ---- | M] (TVU networks) -- C:\Users\Thomas\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
[2010.08.27 20:59:57 | 005,642,000 | ---- | M] (TVU networks) -- C:\Users\Thomas\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.5.3.1.exe
[2009.09.29 19:55:35 | 005,519,752 | ---- | M] (TVU networks) -- C:\Users\Thomas\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe
[2009.12.08 21:51:05 | 005,562,672 | ---- | M] (TVU networks) -- C:\Users\Thomas\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.9.1.exe
[2011.11.09 02:54:02 | 000,091,128 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\VshareComplete\KeepMeUpdated.exe
[2011.11.09 02:54:02 | 000,091,128 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\VshareComplete\64\KeepMeUpdated.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.22 01:20:50 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 01:21:02 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (RAID)\IaStor.sys
[2008.04.22 01:20:50 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 01:20:50 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_2d2ec4fd9937ddb4\iaStor.sys
[2008.04.22 01:21:02 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_950dad68cf8acc20\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >

< End of report >

Alt 26.02.2012, 20:50   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=e3e18afd-1547-11e1-8b2f-001a80d84059"
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.ahk.lnk = C:\Users\Thomas\Documents\sound.ahk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2012, 21:16   #6
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "hxxp://startsear.ch/?aff=1&cf=e3e18afd-1547-11e1-8b2f-001a80d84059" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-830961823-3395450180-1696562346-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sound.ahk.lnk moved successfully.
C:\Users\Thomas\Documents\sound.ahk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-830961823-3395450180-1696562346-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-830961823-3395450180-1696562346-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Thomas
->Temp folder emptied: 755130170 bytes
->Temporary Internet Files folder emptied: 329442666 bytes
->Java cache emptied: 1872643 bytes
->FireFox cache emptied: 118584973 bytes
->Google Chrome cache emptied: 83192344 bytes
->Opera cache emptied: 19526395 bytes
->Flash cache emptied: 139171 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 232514796 bytes
RecycleBin emptied: 210 bytes
 
Total Files Cleaned = 1.469,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_210730

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Danke soweit schonmal :-)
Aktuell taucht searchcompletion nicht mehr auf.

Alt 26.02.2012, 22:14   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.02.2012, 22:19   #8
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Code:
ATTFilter
22:16:51.0348 3576	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
22:16:51.0461 3576	============================================================
22:16:51.0461 3576	Current date / time: 2012/02/26 22:16:51.0461
22:16:51.0461 3576	SystemInfo:
22:16:51.0461 3576	
22:16:51.0461 3576	OS Version: 6.1.7601 ServicePack: 1.0
22:16:51.0461 3576	Product type: Workstation
22:16:51.0461 3576	ComputerName: THOMAS-SONY
22:16:51.0462 3576	UserName: Thomas
22:16:51.0462 3576	Windows directory: C:\Windows
22:16:51.0462 3576	System windows directory: C:\Windows
22:16:51.0462 3576	Processor architecture: Intel x86
22:16:51.0462 3576	Number of processors: 2
22:16:51.0462 3576	Page size: 0x1000
22:16:51.0462 3576	Boot type: Normal boot
22:16:51.0462 3576	============================================================
22:16:51.0958 3576	Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x9B4C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x9C, Type 'K0', Flags 0x00000050
22:16:51.0962 3576	Drive \Device\Harddisk3\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:16:55.0939 3576	\Device\Harddisk0\DR0:
22:16:55.0958 3576	MBR used
22:16:55.0958 3576	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xDA4800, BlocksNum 0x166FA1B0
22:16:55.0958 3576	\Device\Harddisk3\DR3:
22:16:55.0959 3576	MBR used
22:16:55.0959 3576	\Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
22:16:55.0992 3576	Initialize success
22:16:55.0992 3576	============================================================
22:17:15.0654 3596	============================================================
22:17:15.0654 3596	Scan started
22:17:15.0654 3596	Mode: Manual; SigCheck; TDLFS; 
22:17:15.0654 3596	============================================================
22:17:16.0422 3596	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:17:16.0569 3596	1394ohci - ok
22:17:16.0802 3596	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:17:16.0844 3596	ACPI - ok
22:17:17.0069 3596	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:17:17.0196 3596	AcpiPmi - ok
22:17:17.0424 3596	acsock          (ae954c42547605408cddf03bb13845b8) C:\Windows\system32\DRIVERS\acsock.sys
22:17:17.0725 3596	acsock - ok
22:17:17.0962 3596	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:17:17.0994 3596	adp94xx - ok
22:17:18.0250 3596	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:17:18.0286 3596	adpahci - ok
22:17:18.0324 3596	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:17:18.0337 3596	adpu320 - ok
22:17:18.0597 3596	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:17:18.0696 3596	AFD - ok
22:17:18.0888 3596	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:17:18.0916 3596	agp440 - ok
22:17:19.0009 3596	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:17:19.0038 3596	aic78xx - ok
22:17:19.0281 3596	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:17:19.0306 3596	aliide - ok
22:17:19.0332 3596	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:17:19.0343 3596	amdagp - ok
22:17:19.0569 3596	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:17:19.0598 3596	amdide - ok
22:17:19.0814 3596	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:17:19.0945 3596	AmdK8 - ok
22:17:20.0163 3596	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:17:20.0232 3596	AmdPPM - ok
22:17:20.0464 3596	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:17:20.0485 3596	amdsata - ok
22:17:20.0556 3596	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:17:20.0592 3596	amdsbs - ok
22:17:20.0812 3596	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:17:20.0837 3596	amdxata - ok
22:17:20.0904 3596	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
22:17:20.0924 3596	androidusb - ok
22:17:21.0181 3596	ApfiltrService  (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:17:21.0199 3596	ApfiltrService - ok
22:17:21.0408 3596	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:17:21.0539 3596	AppID - ok
22:17:21.0766 3596	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:17:21.0796 3596	arc - ok
22:17:21.0838 3596	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:17:21.0855 3596	arcsas - ok
22:17:22.0088 3596	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:22.0222 3596	AsyncMac - ok
22:17:22.0474 3596	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:17:22.0504 3596	atapi - ok
22:17:22.0699 3596	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:17:22.0714 3596	avgntflt - ok
22:17:22.0752 3596	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
22:17:22.0779 3596	avipbb - ok
22:17:22.0959 3596	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:17:22.0971 3596	avkmgr - ok
22:17:23.0202 3596	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:17:23.0256 3596	b06bdrv - ok
22:17:23.0472 3596	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:17:23.0529 3596	b57nd60x - ok
22:17:23.0746 3596	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:17:23.0792 3596	Beep - ok
22:17:23.0993 3596	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:17:24.0045 3596	blbdrive - ok
22:17:24.0267 3596	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:17:24.0315 3596	bowser - ok
22:17:24.0518 3596	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:17:24.0615 3596	BrFiltLo - ok
22:17:24.0804 3596	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:17:24.0888 3596	BrFiltUp - ok
22:17:25.0115 3596	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:17:25.0170 3596	Brserid - ok
22:17:25.0379 3596	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:17:25.0429 3596	BrSerWdm - ok
22:17:25.0629 3596	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:17:25.0697 3596	BrUsbMdm - ok
22:17:25.0887 3596	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:17:25.0964 3596	BrUsbSer - ok
22:17:26.0198 3596	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
22:17:26.0270 3596	BthEnum - ok
22:17:26.0476 3596	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:17:26.0536 3596	BTHMODEM - ok
22:17:26.0731 3596	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
22:17:26.0776 3596	BthPan - ok
22:17:27.0046 3596	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
22:17:27.0136 3596	BTHPORT - ok
22:17:27.0365 3596	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
22:17:27.0417 3596	BTHUSB - ok
22:17:27.0630 3596	btwaudio        (6a6d155fc891bf3a31071c8ac4493c86) C:\Windows\system32\drivers\btwaudio.sys
22:17:27.0655 3596	btwaudio - ok
22:17:27.0846 3596	btwavdt         (4871b5ed4757197135ff65be61da44b3) C:\Windows\system32\DRIVERS\btwavdt.sys
22:17:27.0861 3596	btwavdt - ok
22:17:28.0056 3596	btwl2cap        (6af9fd2aeebdc16a98d3e30e68440c5c) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:17:28.0070 3596	btwl2cap - ok
22:17:28.0265 3596	btwrchid        (8aa03ad11e46c60cb6f95693b41787b9) C:\Windows\system32\DRIVERS\btwrchid.sys
22:17:28.0279 3596	btwrchid - ok
22:17:28.0391 3596	catchme - ok
22:17:28.0588 3596	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:17:28.0676 3596	cdfs - ok
22:17:28.0903 3596	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:17:28.0965 3596	cdrom - ok
22:17:29.0192 3596	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:17:29.0261 3596	circlass - ok
22:17:29.0432 3596	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:17:29.0457 3596	CLFS - ok
22:17:29.0681 3596	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:17:29.0715 3596	CmBatt - ok
22:17:29.0761 3596	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:17:29.0775 3596	cmdide - ok
22:17:29.0892 3596	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
22:17:29.0944 3596	CNG - ok
22:17:30.0082 3596	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:17:30.0107 3596	Compbatt - ok
22:17:30.0245 3596	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:17:30.0279 3596	CompositeBus - ok
22:17:30.0486 3596	connctfy        (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys
22:17:30.0512 3596	connctfy - ok
22:17:30.0546 3596	connctfyMP      (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys
22:17:30.0558 3596	connctfyMP - ok
22:17:30.0754 3596	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:17:30.0773 3596	crcdisk - ok
22:17:31.0013 3596	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:17:31.0127 3596	CSC - ok
22:17:31.0307 3596	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
22:17:31.0349 3596	CVirtA - ok
22:17:31.0604 3596	CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:17:31.0646 3596	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:17:31.0646 3596	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:17:31.0885 3596	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:17:31.0971 3596	DfsC - ok
22:17:32.0145 3596	dgderdrv - ok
22:17:32.0194 3596	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:17:32.0253 3596	discache - ok
22:17:32.0463 3596	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:17:32.0484 3596	Disk - ok
22:17:32.0691 3596	DMICall         (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
22:17:32.0713 3596	DMICall - ok
22:17:32.0908 3596	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
22:17:32.0929 3596	DNE - ok
22:17:33.0153 3596	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:17:33.0210 3596	drmkaud - ok
22:17:33.0432 3596	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:17:33.0500 3596	DXGKrnl - ok
22:17:33.0730 3596	e1yexpress      (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
22:17:33.0792 3596	e1yexpress - ok
22:17:34.0125 3596	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:17:34.0208 3596	ebdrv - ok
22:17:34.0430 3596	ElbyCDIO        (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:17:34.0454 3596	ElbyCDIO - ok
22:17:34.0675 3596	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:17:34.0709 3596	elxstor - ok
22:17:34.0919 3596	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:17:34.0971 3596	ErrDev - ok
22:17:35.0209 3596	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:17:35.0274 3596	exfat - ok
22:17:35.0499 3596	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:17:35.0583 3596	fastfat - ok
22:17:35.0798 3596	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:17:35.0852 3596	fdc - ok
22:17:36.0045 3596	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:17:36.0075 3596	FileInfo - ok
22:17:36.0277 3596	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:17:36.0343 3596	Filetrace - ok
22:17:36.0547 3596	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:17:36.0582 3596	flpydisk - ok
22:17:36.0768 3596	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:17:36.0798 3596	FltMgr - ok
22:17:37.0024 3596	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:17:37.0054 3596	FsDepends - ok
22:17:37.0264 3596	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
22:17:37.0316 3596	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:17:37.0316 3596	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:17:37.0563 3596	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:17:37.0584 3596	Fs_Rec - ok
22:17:37.0654 3596	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:17:37.0681 3596	fvevol - ok
22:17:37.0888 3596	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:17:37.0909 3596	gagp30kx - ok
22:17:38.0149 3596	GizmoDrv        (e48da656df32eda6e5b9d06e3d410b49) C:\Windows\system32\drivers\GizmoDrv.sys
22:17:38.0174 3596	GizmoDrv - ok
22:17:38.0401 3596	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:17:38.0474 3596	hcw85cir - ok
22:17:38.0685 3596	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:17:38.0735 3596	HdAudAddService - ok
22:17:38.0969 3596	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:17:39.0024 3596	HDAudBus - ok
22:17:39.0223 3596	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:17:39.0268 3596	HidBatt - ok
22:17:39.0458 3596	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:17:39.0524 3596	HidBth - ok
22:17:39.0706 3596	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:17:39.0752 3596	HidIr - ok
22:17:39.0989 3596	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:17:40.0025 3596	HidUsb - ok
22:17:40.0248 3596	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:17:40.0275 3596	HpSAMD - ok
22:17:40.0526 3596	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:17:40.0617 3596	HSF_DPV - ok
22:17:40.0834 3596	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:17:40.0923 3596	HSXHWAZL - ok
22:17:41.0145 3596	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:17:41.0208 3596	HTTP - ok
22:17:41.0443 3596	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:17:41.0453 3596	hwpolicy - ok
22:17:41.0622 3596	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:17:41.0673 3596	i8042prt - ok
22:17:41.0782 3596	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:17:41.0798 3596	iaStor - ok
22:17:42.0070 3596	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:17:42.0106 3596	iaStorV - ok
22:17:42.0476 3596	igfx            (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:17:42.0737 3596	igfx - ok
22:17:42.0964 3596	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:17:42.0985 3596	iirsp - ok
22:17:43.0321 3596	IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
22:17:43.0381 3596	IntcAzAudAddService - ok
22:17:43.0585 3596	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:17:43.0607 3596	intelide - ok
22:17:43.0832 3596	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:17:43.0894 3596	intelppm - ok
22:17:44.0096 3596	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:17:44.0162 3596	IpFilterDriver - ok
22:17:44.0385 3596	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:17:44.0433 3596	IPMIDRV - ok
22:17:44.0624 3596	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:17:44.0697 3596	IPNAT - ok
22:17:44.0925 3596	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:17:45.0015 3596	IRENUM - ok
22:17:45.0208 3596	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:17:45.0240 3596	isapnp - ok
22:17:45.0300 3596	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:17:45.0315 3596	iScsiPrt - ok
22:17:45.0545 3596	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:17:45.0565 3596	kbdclass - ok
22:17:45.0640 3596	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:17:45.0674 3596	kbdhid - ok
22:17:45.0850 3596	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
22:17:45.0867 3596	KSecDD - ok
22:17:45.0925 3596	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
22:17:45.0948 3596	KSecPkg - ok
22:17:46.0141 3596	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:17:46.0217 3596	lltdio - ok
22:17:46.0441 3596	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:17:46.0484 3596	LSI_FC - ok
22:17:46.0709 3596	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:17:46.0742 3596	LSI_SAS - ok
22:17:46.0969 3596	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:17:47.0001 3596	LSI_SAS2 - ok
22:17:47.0048 3596	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:17:47.0060 3596	LSI_SCSI - ok
22:17:47.0304 3596	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:17:47.0374 3596	luafv - ok
22:17:47.0585 3596	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:17:47.0608 3596	MBAMProtector - ok
22:17:47.0833 3596	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:17:47.0859 3596	mdmxsdk - ok
22:17:47.0951 3596	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:17:47.0981 3596	megasas - ok
22:17:48.0126 3596	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:17:48.0165 3596	MegaSR - ok
22:17:48.0234 3596	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:17:48.0323 3596	Modem - ok
22:17:48.0479 3596	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:17:48.0521 3596	monitor - ok
22:17:48.0733 3596	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
22:17:48.0763 3596	mouclass - ok
22:17:48.0986 3596	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:17:49.0032 3596	mouhid - ok
22:17:49.0251 3596	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:17:49.0282 3596	mountmgr - ok
22:17:49.0339 3596	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:17:49.0366 3596	mpio - ok
22:17:49.0577 3596	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:17:49.0651 3596	mpsdrv - ok
22:17:49.0851 3596	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:17:49.0946 3596	MRxDAV - ok
22:17:50.0162 3596	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:17:50.0237 3596	mrxsmb - ok
22:17:50.0444 3596	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:17:50.0507 3596	mrxsmb10 - ok
22:17:50.0706 3596	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:17:50.0754 3596	mrxsmb20 - ok
22:17:50.0961 3596	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:17:50.0988 3596	msahci - ok
22:17:51.0040 3596	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:17:51.0058 3596	msdsm - ok
22:17:51.0291 3596	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:17:51.0339 3596	Msfs - ok
22:17:51.0357 3596	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:17:51.0382 3596	mshidkmdf - ok
22:17:51.0582 3596	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:17:51.0612 3596	msisadrv - ok
22:17:51.0836 3596	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:17:51.0891 3596	MSKSSRV - ok
22:17:52.0110 3596	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:17:52.0154 3596	MSPCLOCK - ok
22:17:52.0399 3596	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:17:52.0470 3596	MSPQM - ok
22:17:52.0674 3596	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:17:52.0693 3596	MsRPC - ok
22:17:52.0747 3596	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:17:52.0762 3596	mssmbios - ok
22:17:52.0991 3596	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:17:53.0064 3596	MSTEE - ok
22:17:53.0258 3596	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:17:53.0300 3596	MTConfig - ok
22:17:53.0476 3596	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:17:53.0507 3596	Mup - ok
22:17:53.0735 3596	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:17:53.0778 3596	NativeWifiP - ok
22:17:54.0013 3596	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:17:54.0058 3596	NDIS - ok
22:17:54.0283 3596	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:17:54.0353 3596	NdisCap - ok
22:17:54.0567 3596	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:17:54.0649 3596	NdisTapi - ok
22:17:54.0883 3596	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:17:54.0953 3596	Ndisuio - ok
22:17:55.0153 3596	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:17:55.0202 3596	NdisWan - ok
22:17:55.0395 3596	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:17:55.0437 3596	NDProxy - ok
22:17:55.0635 3596	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:17:55.0712 3596	NetBIOS - ok
22:17:55.0907 3596	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:17:55.0965 3596	NetBT - ok
22:17:56.0318 3596	NETw5v32        (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
22:17:56.0468 3596	NETw5v32 - ok
22:17:56.0691 3596	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:17:56.0717 3596	nfrd960 - ok
22:17:56.0903 3596	nmwcdnsu - ok
22:17:56.0933 3596	nmwcdnsuc - ok
22:17:57.0000 3596	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:17:57.0050 3596	Npfs - ok
22:17:57.0230 3596	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:17:57.0290 3596	nsiproxy - ok
22:17:57.0555 3596	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:17:57.0611 3596	Ntfs - ok
22:17:57.0816 3596	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:17:57.0861 3596	Null - ok
22:17:58.0346 3596	nvlddmkm        (9c42e75dadadd18a16482bcba773a63c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:17:58.0679 3596	nvlddmkm - ok
22:17:58.0899 3596	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:17:58.0933 3596	nvraid - ok
22:17:59.0215 3596	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:17:59.0228 3596	nvstor - ok
22:17:59.0381 3596	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:17:59.0413 3596	nv_agp - ok
22:17:59.0496 3596	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:17:59.0555 3596	ohci1394 - ok
22:17:59.0766 3596	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:17:59.0808 3596	Parport - ok
22:18:00.0002 3596	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:18:00.0024 3596	partmgr - ok
22:18:00.0082 3596	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:18:00.0132 3596	Parvdm - ok
22:18:00.0304 3596	pccsmcfd - ok
22:18:00.0372 3596	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:18:00.0387 3596	pci - ok
22:18:00.0622 3596	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:18:00.0648 3596	pciide - ok
22:18:00.0727 3596	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:18:00.0740 3596	pcmcia - ok
22:18:00.0931 3596	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:18:00.0961 3596	pcw - ok
22:18:01.0036 3596	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:18:01.0090 3596	PEAUTH - ok
22:18:01.0350 3596	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:18:01.0436 3596	PptpMiniport - ok
22:18:01.0674 3596	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:18:01.0728 3596	Processor - ok
22:18:01.0943 3596	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:18:02.0029 3596	Psched - ok
22:18:02.0251 3596	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
22:18:02.0262 3596	PSI - ok
22:18:02.0296 3596	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
22:18:02.0308 3596	PxHelp20 - ok
22:18:02.0586 3596	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:18:02.0688 3596	ql2300 - ok
22:18:02.0904 3596	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:18:02.0937 3596	ql40xx - ok
22:18:03.0151 3596	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:18:03.0178 3596	QWAVEdrv - ok
22:18:03.0206 3596	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:18:03.0243 3596	RasAcd - ok
22:18:03.0454 3596	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:18:03.0530 3596	RasAgileVpn - ok
22:18:03.0765 3596	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:18:03.0842 3596	Rasl2tp - ok
22:18:04.0076 3596	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:18:04.0129 3596	RasPppoe - ok
22:18:04.0363 3596	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:18:04.0403 3596	RasSstp - ok
22:18:04.0604 3596	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:18:04.0677 3596	rdbss - ok
22:18:04.0882 3596	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:18:04.0912 3596	rdpbus - ok
22:18:05.0109 3596	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:18:05.0158 3596	RDPCDD - ok
22:18:05.0216 3596	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:18:05.0238 3596	RDPDR - ok
22:18:05.0426 3596	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:18:05.0511 3596	RDPENCDD - ok
22:18:05.0685 3596	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:18:05.0727 3596	RDPREFMP - ok
22:18:05.0795 3596	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:18:05.0835 3596	RDPWD - ok
22:18:06.0051 3596	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:18:06.0088 3596	rdyboost - ok
22:18:06.0119 3596	regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
22:18:06.0137 3596	regi - ok
22:18:06.0341 3596	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:18:06.0398 3596	RFCOMM - ok
22:18:06.0622 3596	rimsptsk        (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:18:06.0661 3596	rimsptsk - ok
22:18:06.0874 3596	risdptsk        (53ea7c7d1d3c4b11ae0ea7c8d75c4e82) C:\Windows\system32\DRIVERS\risdptsk.sys
22:18:06.0936 3596	risdptsk - ok
22:18:07.0159 3596	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:18:07.0218 3596	rspndr - ok
22:18:07.0413 3596	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:18:07.0477 3596	s3cap - ok
22:18:07.0609 3596	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:18:07.0633 3596	SASKUTIL - ok
22:18:07.0877 3596	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:18:07.0895 3596	sbp2port - ok
22:18:07.0954 3596	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:18:08.0035 3596	scfilter - ok
22:18:08.0287 3596	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:18:08.0344 3596	secdrv - ok
22:18:08.0603 3596	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:18:08.0651 3596	Serenum - ok
22:18:08.0872 3596	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:18:08.0930 3596	Serial - ok
22:18:09.0215 3596	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:18:09.0250 3596	sermouse - ok
22:18:09.0487 3596	SFEP            (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
22:18:09.0553 3596	SFEP - ok
22:18:09.0750 3596	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:18:09.0808 3596	sffdisk - ok
22:18:10.0016 3596	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:18:10.0065 3596	sffp_mmc - ok
22:18:10.0132 3596	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:18:10.0186 3596	sffp_sd - ok
22:18:10.0345 3596	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:18:10.0384 3596	sfloppy - ok
22:18:10.0574 3596	shpf            (8d278fea49890e1526e44e41b1b74ddb) C:\Windows\system32\DRIVERS\shpf.sys
22:18:10.0597 3596	shpf - ok
22:18:10.0658 3596	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:18:10.0677 3596	sisagp - ok
22:18:10.0900 3596	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:18:10.0931 3596	SiSRaid2 - ok
22:18:10.0953 3596	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:18:10.0964 3596	SiSRaid4 - ok
22:18:11.0179 3596	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:18:11.0228 3596	Smb - ok
22:18:11.0357 3596	SPI             (225a17c6ad0207a058d728c0fa87e61d) C:\Windows\system32\DRIVERS\SonyPI.sys
22:18:11.0412 3596	SPI - ok
22:18:11.0576 3596	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:18:11.0600 3596	spldr - ok
22:18:11.0714 3596	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:18:11.0796 3596	srv - ok
22:18:11.0925 3596	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:18:11.0970 3596	srv2 - ok
22:18:12.0165 3596	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:18:12.0223 3596	srvnet - ok
22:18:12.0464 3596	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
22:18:12.0476 3596	ssadbus - ok
22:18:12.0698 3596	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:18:12.0710 3596	ssadmdfl - ok
22:18:12.0929 3596	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
22:18:12.0953 3596	ssadmdm - ok
22:18:13.0031 3596	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
22:18:13.0045 3596	sscdbus - ok
22:18:13.0254 3596	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
22:18:13.0275 3596	sscdmdfl - ok
22:18:13.0337 3596	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
22:18:13.0363 3596	sscdmdm - ok
22:18:13.0588 3596	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:18:13.0609 3596	ssmdrv - ok
22:18:13.0671 3596	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
22:18:13.0698 3596	StarOpen ( UnsignedFile.Multi.Generic ) - warning
22:18:13.0698 3596	StarOpen - detected UnsignedFile.Multi.Generic (1)
22:18:13.0928 3596	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:18:13.0959 3596	stexstor - ok
22:18:14.0069 3596	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:18:14.0100 3596	storflt - ok
22:18:14.0326 3596	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:18:14.0356 3596	storvsc - ok
22:18:14.0417 3596	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:18:14.0429 3596	swenum - ok
22:18:14.0690 3596	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:18:14.0782 3596	Tcpip - ok
22:18:15.0034 3596	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:18:15.0107 3596	TCPIP6 - ok
22:18:15.0308 3596	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:18:15.0380 3596	tcpipreg - ok
22:18:15.0562 3596	TcUsb           (53900527fa5e2ccc818c5894383772d1) C:\Windows\system32\Drivers\tcusb.sys
22:18:15.0584 3596	TcUsb - ok
22:18:15.0788 3596	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:18:15.0861 3596	TDPIPE - ok
22:18:16.0056 3596	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:18:16.0103 3596	TDTCP - ok
22:18:16.0301 3596	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:18:16.0360 3596	tdx - ok
22:18:16.0588 3596	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:18:16.0619 3596	TermDD - ok
22:18:16.0800 3596	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:16.0861 3596	tssecsrv - ok
22:18:16.0986 3596	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:18:17.0015 3596	TsUsbFlt - ok
22:18:17.0229 3596	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:18:17.0303 3596	tunnel - ok
22:18:17.0493 3596	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:18:17.0513 3596	uagp35 - ok
22:18:17.0579 3596	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:18:17.0640 3596	udfs - ok
22:18:17.0870 3596	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:18:17.0903 3596	uliagpkx - ok
22:18:18.0146 3596	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:18:18.0200 3596	umbus - ok
22:18:18.0269 3596	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:18:18.0314 3596	UmPass - ok
22:18:18.0533 3596	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:18:18.0590 3596	usbaudio - ok
22:18:18.0786 3596	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:18:18.0854 3596	usbccgp - ok
22:18:19.0081 3596	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:18:19.0144 3596	usbcir - ok
22:18:19.0353 3596	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
22:18:19.0392 3596	usbehci - ok
22:18:19.0612 3596	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:18:19.0634 3596	usbhub - ok
22:18:19.0841 3596	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:18:19.0882 3596	usbohci - ok
22:18:20.0102 3596	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:18:20.0168 3596	usbprint - ok
22:18:20.0382 3596	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:18:20.0463 3596	USBSTOR - ok
22:18:20.0672 3596	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:18:20.0715 3596	usbuhci - ok
22:18:20.0953 3596	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:18:21.0013 3596	usbvideo - ok
22:18:21.0225 3596	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
22:18:21.0277 3596	usb_rndisx - ok
22:18:21.0490 3596	VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
22:18:21.0528 3596	VClone - ok
22:18:21.0739 3596	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:18:21.0766 3596	vdrvroot - ok
22:18:21.0975 3596	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:18:22.0034 3596	vga - ok
22:18:22.0084 3596	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:18:22.0124 3596	VgaSave - ok
22:18:22.0329 3596	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:18:22.0349 3596	vhdmp - ok
22:18:22.0562 3596	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:18:22.0593 3596	viaagp - ok
22:18:22.0657 3596	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:18:22.0693 3596	ViaC7 - ok
22:18:22.0879 3596	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:18:22.0910 3596	viaide - ok
22:18:22.0974 3596	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:18:23.0011 3596	vmbus - ok
22:18:23.0235 3596	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:18:23.0288 3596	VMBusHID - ok
22:18:23.0505 3596	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:18:23.0520 3596	volmgr - ok
22:18:23.0565 3596	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:18:23.0599 3596	volmgrx - ok
22:18:23.0818 3596	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:18:23.0845 3596	volsnap - ok
22:18:24.0060 3596	vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
22:18:24.0077 3596	vpnva - ok
22:18:24.0146 3596	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:18:24.0172 3596	vsmraid - ok
22:18:24.0411 3596	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:18:24.0466 3596	vwifibus - ok
22:18:24.0704 3596	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:18:24.0765 3596	WacomPen - ok
22:18:24.0987 3596	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:25.0068 3596	WANARP - ok
22:18:25.0071 3596	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:25.0094 3596	Wanarpv6 - ok
22:18:25.0287 3596	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:18:25.0317 3596	Wd - ok
22:18:25.0375 3596	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:18:25.0423 3596	Wdf01000 - ok
22:18:25.0637 3596	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:18:25.0715 3596	WfpLwf - ok
22:18:25.0904 3596	WimFltr         (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
22:18:25.0935 3596	WimFltr - ok
22:18:26.0086 3596	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:18:26.0131 3596	WIMMount - ok
22:18:26.0258 3596	winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:18:26.0312 3596	winachsf - ok
22:18:26.0580 3596	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:18:26.0622 3596	WinUsb - ok
22:18:26.0869 3596	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:18:26.0903 3596	WmiAcpi - ok
22:18:27.0145 3596	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:18:27.0231 3596	ws2ifsl - ok
22:18:27.0298 3596	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:18:27.0381 3596	WudfPf - ok
22:18:27.0610 3596	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:18:27.0646 3596	WUDFRd - ok
22:18:27.0857 3596	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
22:18:27.0893 3596	XAudio - ok
22:18:28.0136 3596	yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
22:18:28.0180 3596	yukonw7 - ok
22:18:28.0270 3596	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:18:28.0294 3596	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
22:18:28.0294 3596	\Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
22:18:28.0331 3596	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:18:28.0332 3596	\Device\Harddisk0\DR0 - detected TDSS File System (1)
22:18:28.0338 3596	MBR (0x1B8)     (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk3\DR3
22:18:28.0786 3596	\Device\Harddisk3\DR3 - ok
22:18:28.0820 3596	Boot (0x1200)   (ee6c8e7722f3e624661741eeb8a0c5e8) \Device\Harddisk0\DR0\Partition0
22:18:28.0821 3596	\Device\Harddisk0\DR0\Partition0 - ok
22:18:28.0824 3596	Boot (0x1200)   (e51e95a838640cb729fef777f65cd1bf) \Device\Harddisk3\DR3\Partition0
22:18:28.0825 3596	\Device\Harddisk3\DR3\Partition0 - ok
22:18:28.0826 3596	============================================================
22:18:28.0826 3596	Scan finished
22:18:28.0826 3596	============================================================
22:18:28.0837 2308	Detected object count: 5
22:18:28.0837 2308	Actual detected object count: 5
22:18:37.0250 2308	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:37.0250 2308	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:18:37.0251 2308	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:37.0251 2308	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:18:37.0252 2308	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:37.0253 2308	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:18:37.0313 2308	\Device\Harddisk0\DR0\# - copied to quarantine
22:18:37.0314 2308	\Device\Harddisk0\DR0 - copied to quarantine
22:18:37.0360 2308	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
22:18:37.0363 2308	\Device\Harddisk0\DR0 - ok
22:18:37.0363 2308	\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure 
22:18:37.0364 2308	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:18:37.0364 2308	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Alt 26.02.2012, 22:31   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Zitat:
- User select action: Cure
Du solltest eigentlich nichts ohne Anweisung fixen sondern nur den Report zeigen! In diesem Falle musst du aber was fixen:

Zitat:
22:18:37.0363 2308 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
22:18:37.0364 2308 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Und zwar bitte nur diese!
Das TDSS File System und den Sinowal bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.02.2012, 08:19   #10
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Ich hab gerade die externe Festplatte, die gestern noch angeschlossen war, nicht dabei. Aber da die Funde, die ich fixen sollte, auf der internen sind, macht das keinen Unterschied, oder?

Code:
ATTFilter
08:15:11.0353 5516	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
08:15:11.0353 5516	============================================================
08:15:11.0353 5516	Current date / time: 2012/02/27 08:15:11.0353
08:15:11.0353 5516	SystemInfo:
08:15:11.0353 5516	
08:15:11.0353 5516	OS Version: 6.1.7601 ServicePack: 1.0
08:15:11.0353 5516	Product type: Workstation
08:15:11.0353 5516	ComputerName: THOMAS-SONY
08:15:11.0353 5516	UserName: Thomas
08:15:11.0353 5516	Windows directory: C:\Windows
08:15:11.0353 5516	System windows directory: C:\Windows
08:15:11.0353 5516	Processor architecture: Intel x86
08:15:11.0353 5516	Number of processors: 2
08:15:11.0353 5516	Page size: 0x1000
08:15:11.0353 5516	Boot type: Normal boot
08:15:11.0353 5516	============================================================
08:15:13.0427 5516	Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x9B4C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x9C, Type 'K0', Flags 0x00000050
08:15:13.0443 5516	\Device\Harddisk0\DR0:
08:15:13.0443 5516	MBR used
08:15:13.0443 5516	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xDA4800, BlocksNum 0x166FA1B0
08:15:13.0459 5516	Initialize success
08:15:13.0459 5516	============================================================
08:15:25.0361 5820	============================================================
08:15:25.0361 5820	Scan started
08:15:25.0361 5820	Mode: Manual; SigCheck; TDLFS; 
08:15:25.0361 5820	============================================================
08:15:27.0155 5820	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:15:27.0358 5820	1394ohci - ok
08:15:27.0592 5820	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:15:27.0639 5820	ACPI - ok
08:15:27.0857 5820	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:15:27.0998 5820	AcpiPmi - ok
08:15:28.0279 5820	acsock          (ae954c42547605408cddf03bb13845b8) C:\Windows\system32\DRIVERS\acsock.sys
08:15:28.0466 5820	acsock - ok
08:15:28.0731 5820	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:15:28.0778 5820	adp94xx - ok
08:15:28.0996 5820	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:15:29.0043 5820	adpahci - ok
08:15:29.0261 5820	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:15:29.0293 5820	adpu320 - ok
08:15:29.0511 5820	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:15:29.0605 5820	AFD - ok
08:15:29.0823 5820	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:15:29.0839 5820	agp440 - ok
08:15:30.0057 5820	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:15:30.0088 5820	aic78xx - ok
08:15:30.0338 5820	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:15:30.0353 5820	aliide - ok
08:15:30.0400 5820	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:15:30.0416 5820	amdagp - ok
08:15:30.0634 5820	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:15:30.0650 5820	amdide - ok
08:15:30.0868 5820	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:15:30.0962 5820	AmdK8 - ok
08:15:31.0180 5820	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:15:31.0243 5820	AmdPPM - ok
08:15:31.0477 5820	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:15:31.0492 5820	amdsata - ok
08:15:31.0711 5820	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:15:31.0757 5820	amdsbs - ok
08:15:31.0804 5820	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:15:31.0835 5820	amdxata - ok
08:15:32.0054 5820	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
08:15:32.0257 5820	androidusb - ok
08:15:32.0522 5820	ApfiltrService  (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:15:32.0662 5820	ApfiltrService - ok
08:15:32.0865 5820	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:15:33.0037 5820	AppID - ok
08:15:33.0286 5820	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:15:33.0317 5820	arc - ok
08:15:33.0349 5820	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:15:33.0380 5820	arcsas - ok
08:15:33.0583 5820	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:15:33.0754 5820	AsyncMac - ok
08:15:33.0973 5820	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:15:34.0004 5820	atapi - ok
08:15:34.0222 5820	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
08:15:34.0316 5820	avgntflt - ok
08:15:34.0347 5820	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
08:15:34.0425 5820	avipbb - ok
08:15:34.0597 5820	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
08:15:34.0721 5820	avkmgr - ok
08:15:34.0971 5820	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:15:35.0049 5820	b06bdrv - ok
08:15:35.0283 5820	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:15:35.0330 5820	b57nd60x - ok
08:15:35.0564 5820	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:15:35.0673 5820	Beep - ok
08:15:35.0876 5820	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:15:35.0938 5820	blbdrive - ok
08:15:36.0141 5820	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:15:36.0203 5820	bowser - ok
08:15:36.0250 5820	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:15:36.0375 5820	BrFiltLo - ok
08:15:36.0562 5820	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:15:36.0625 5820	BrFiltUp - ok
08:15:36.0827 5820	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:15:36.0905 5820	Brserid - ok
08:15:37.0108 5820	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:15:37.0171 5820	BrSerWdm - ok
08:15:37.0358 5820	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:15:37.0436 5820	BrUsbMdm - ok
08:15:37.0623 5820	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:15:37.0701 5820	BrUsbSer - ok
08:15:37.0935 5820	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
08:15:38.0029 5820	BthEnum - ok
08:15:38.0231 5820	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:15:38.0309 5820	BTHMODEM - ok
08:15:38.0356 5820	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
08:15:38.0403 5820	BthPan - ok
08:15:38.0621 5820	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
08:15:38.0731 5820	BTHPORT - ok
08:15:38.0933 5820	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
08:15:38.0996 5820	BTHUSB - ok
08:15:39.0199 5820	btwaudio        (6a6d155fc891bf3a31071c8ac4493c86) C:\Windows\system32\drivers\btwaudio.sys
08:15:39.0339 5820	btwaudio - ok
08:15:39.0526 5820	btwavdt         (4871b5ed4757197135ff65be61da44b3) C:\Windows\system32\DRIVERS\btwavdt.sys
08:15:39.0667 5820	btwavdt - ok
08:15:39.0869 5820	btwl2cap        (6af9fd2aeebdc16a98d3e30e68440c5c) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:15:39.0994 5820	btwl2cap - ok
08:15:40.0197 5820	btwrchid        (8aa03ad11e46c60cb6f95693b41787b9) C:\Windows\system32\DRIVERS\btwrchid.sys
08:15:40.0322 5820	btwrchid - ok
08:15:40.0447 5820	catchme - ok
08:15:40.0634 5820	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:15:40.0712 5820	cdfs - ok
08:15:40.0946 5820	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
08:15:40.0993 5820	cdrom - ok
08:15:41.0242 5820	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:15:41.0305 5820	circlass - ok
08:15:41.0461 5820	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:15:41.0492 5820	CLFS - ok
08:15:41.0741 5820	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:15:41.0773 5820	CmBatt - ok
08:15:41.0851 5820	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:15:41.0866 5820	cmdide - ok
08:15:42.0085 5820	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
08:15:42.0131 5820	CNG - ok
08:15:42.0319 5820	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:15:42.0350 5820	Compbatt - ok
08:15:42.0568 5820	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:15:42.0615 5820	CompositeBus - ok
08:15:42.0880 5820	connctfy        (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys
08:15:43.0036 5820	connctfy - ok
08:15:43.0067 5820	connctfyMP      (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys
08:15:43.0192 5820	connctfyMP - ok
08:15:43.0379 5820	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:15:43.0411 5820	crcdisk - ok
08:15:43.0645 5820	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
08:15:43.0738 5820	CSC - ok
08:15:43.0941 5820	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
08:15:44.0003 5820	CVirtA - ok
08:15:44.0253 5820	CVPNDRVA        (cb90b2762b1a1d0b40496400c55b6ade) C:\Windows\system32\Drivers\CVPNDRVA.sys
08:15:44.0300 5820	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
08:15:44.0300 5820	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
08:15:44.0534 5820	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:15:44.0627 5820	DfsC - ok
08:15:44.0815 5820	dgderdrv - ok
08:15:44.0877 5820	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:15:44.0971 5820	discache - ok
08:15:45.0173 5820	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:15:45.0205 5820	Disk - ok
08:15:45.0407 5820	DMICall         (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
08:15:45.0423 5820	DMICall - ok
08:15:45.0626 5820	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
08:15:45.0641 5820	DNE - ok
08:15:45.0891 5820	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:15:45.0953 5820	drmkaud - ok
08:15:46.0172 5820	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:15:46.0219 5820	DXGKrnl - ok
08:15:46.0453 5820	e1yexpress      (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
08:15:46.0499 5820	e1yexpress - ok
08:15:46.0827 5820	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:15:46.0967 5820	ebdrv - ok
08:15:47.0186 5820	ElbyCDIO        (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
08:15:47.0326 5820	ElbyCDIO - ok
08:15:47.0560 5820	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:15:47.0607 5820	elxstor - ok
08:15:47.0654 5820	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:15:47.0701 5820	ErrDev - ok
08:15:47.0903 5820	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:15:47.0981 5820	exfat - ok
08:15:48.0013 5820	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:15:48.0091 5820	fastfat - ok
08:15:48.0325 5820	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:15:48.0371 5820	fdc - ok
08:15:48.0434 5820	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:15:48.0449 5820	FileInfo - ok
08:15:48.0652 5820	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:15:48.0746 5820	Filetrace - ok
08:15:48.0964 5820	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:15:49.0027 5820	flpydisk - ok
08:15:49.0214 5820	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:15:49.0245 5820	FltMgr - ok
08:15:49.0463 5820	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:15:49.0495 5820	FsDepends - ok
08:15:49.0541 5820	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
08:15:49.0588 5820	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
08:15:49.0588 5820	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
08:15:49.0838 5820	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:15:49.0869 5820	Fs_Rec - ok
08:15:49.0947 5820	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:15:49.0978 5820	fvevol - ok
08:15:50.0212 5820	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:15:50.0243 5820	gagp30kx - ok
08:15:50.0602 5820	GizmoDrv        (e48da656df32eda6e5b9d06e3d410b49) C:\Windows\system32\drivers\GizmoDrv.sys
08:15:50.0680 5820	GizmoDrv - ok
08:15:50.0977 5820	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:15:51.0164 5820	hcw85cir - ok
08:15:51.0928 5820	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
08:15:51.0991 5820	HdAudAddService - ok
08:15:52.0303 5820	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:15:52.0365 5820	HDAudBus - ok
08:15:52.0724 5820	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:15:52.0802 5820	HidBatt - ok
08:15:53.0114 5820	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:15:53.0176 5820	HidBth - ok
08:15:53.0551 5820	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:15:53.0613 5820	HidIr - ok
08:15:54.0487 5820	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:15:54.0502 5820	HidUsb - ok
08:15:54.0970 5820	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:15:55.0001 5820	HpSAMD - ok
08:15:55.0516 5820	HSF_DPV         (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
08:15:55.0594 5820	HSF_DPV - ok
08:15:55.0938 5820	HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
08:15:56.0000 5820	HSXHWAZL - ok
08:15:56.0515 5820	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:15:56.0640 5820	HTTP - ok
08:15:56.0967 5820	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:15:56.0983 5820	hwpolicy - ok
08:15:57.0326 5820	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:15:57.0388 5820	i8042prt - ok
08:15:58.0402 5820	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
08:15:58.0449 5820	iaStor - ok
08:15:58.0886 5820	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:15:58.0933 5820	iaStorV - ok
08:15:59.0370 5820	igfx            (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:15:59.0744 5820	igfx - ok
08:16:00.0165 5820	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:16:00.0196 5820	iirsp - ok
08:16:01.0398 5820	IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys
08:16:01.0554 5820	IntcAzAudAddService - ok
08:16:01.0897 5820	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:16:01.0912 5820	intelide - ok
08:16:02.0131 5820	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:16:02.0193 5820	intelppm - ok
08:16:02.0458 5820	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:16:02.0521 5820	IpFilterDriver - ok
08:16:02.0833 5820	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:16:02.0895 5820	IPMIDRV - ok
08:16:03.0285 5820	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:16:03.0332 5820	IPNAT - ok
08:16:03.0660 5820	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:16:03.0706 5820	IRENUM - ok
08:16:04.0315 5820	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:16:04.0330 5820	isapnp - ok
08:16:04.0658 5820	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:16:04.0705 5820	iScsiPrt - ok
08:16:05.0048 5820	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:16:05.0079 5820	kbdclass - ok
08:16:05.0329 5820	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:16:05.0376 5820	kbdhid - ok
08:16:05.0906 5820	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
08:16:05.0937 5820	KSecDD - ok
08:16:06.0327 5820	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
08:16:06.0343 5820	KSecPkg - ok
08:16:06.0795 5820	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:16:06.0904 5820	lltdio - ok
08:16:07.0435 5820	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:16:07.0466 5820	LSI_FC - ok
08:16:07.0794 5820	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:16:07.0825 5820	LSI_SAS - ok
08:16:08.0152 5820	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:16:08.0184 5820	LSI_SAS2 - ok
08:16:08.0433 5820	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:16:08.0464 5820	LSI_SCSI - ok
08:16:08.0854 5820	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:16:08.0948 5820	luafv - ok
08:16:09.0229 5820	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
08:16:09.0322 5820	MBAMProtector - ok
08:16:09.0634 5820	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
08:16:09.0666 5820	mdmxsdk - ok
08:16:09.0993 5820	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:16:10.0024 5820	megasas - ok
08:16:10.0368 5820	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:16:10.0399 5820	MegaSR - ok
08:16:10.0695 5820	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:16:10.0804 5820	Modem - ok
08:16:11.0148 5820	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:16:11.0210 5820	monitor - ok
08:16:11.0475 5820	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
08:16:11.0491 5820	mouclass - ok
08:16:11.0834 5820	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:16:11.0865 5820	mouhid - ok
08:16:12.0380 5820	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:16:12.0396 5820	mountmgr - ok
08:16:12.0708 5820	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:16:12.0739 5820	mpio - ok
08:16:12.0957 5820	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:16:13.0035 5820	mpsdrv - ok
08:16:13.0285 5820	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:16:13.0394 5820	MRxDAV - ok
08:16:13.0690 5820	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:16:13.0768 5820	mrxsmb - ok
08:16:13.0987 5820	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:16:14.0034 5820	mrxsmb10 - ok
08:16:14.0314 5820	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:16:14.0392 5820	mrxsmb20 - ok
08:16:14.0704 5820	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:16:14.0736 5820	msahci - ok
08:16:15.0032 5820	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:16:15.0063 5820	msdsm - ok
08:16:15.0344 5820	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:16:15.0422 5820	Msfs - ok
08:16:15.0765 5820	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:16:15.0812 5820	mshidkmdf - ok
08:16:16.0124 5820	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:16:16.0155 5820	msisadrv - ok
08:16:16.0467 5820	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:16:16.0561 5820	MSKSSRV - ok
08:16:17.0076 5820	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:16:17.0169 5820	MSPCLOCK - ok
08:16:17.0450 5820	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:16:17.0528 5820	MSPQM - ok
08:16:17.0934 5820	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:16:17.0965 5820	MsRPC - ok
08:16:18.0183 5820	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:16:18.0199 5820	mssmbios - ok
08:16:18.0558 5820	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:16:18.0636 5820	MSTEE - ok
08:16:18.0916 5820	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:16:18.0963 5820	MTConfig - ok
08:16:19.0244 5820	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:16:19.0260 5820	Mup - ok
08:16:19.0681 5820	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:16:19.0743 5820	NativeWifiP - ok
08:16:20.0180 5820	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:16:20.0258 5820	NDIS - ok
08:16:20.0617 5820	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:16:20.0726 5820	NdisCap - ok
08:16:21.0038 5820	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:16:21.0116 5820	NdisTapi - ok
08:16:21.0350 5820	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:16:21.0428 5820	Ndisuio - ok
08:16:21.0506 5820	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:16:21.0600 5820	NdisWan - ok
08:16:21.0865 5820	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:16:21.0927 5820	NDProxy - ok
08:16:22.0192 5820	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:16:22.0286 5820	NetBIOS - ok
08:16:22.0723 5820	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:16:22.0816 5820	NetBT - ok
08:16:24.0002 5820	NETw5v32        (f0c42e0cdce558d658fa53a222b4ccb1) C:\Windows\system32\DRIVERS\NETw5v32.sys
08:16:24.0267 5820	NETw5v32 - ok
08:16:24.0548 5820	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:16:24.0579 5820	nfrd960 - ok
08:16:24.0891 5820	nmwcdnsu - ok
08:16:25.0110 5820	nmwcdnsuc - ok
08:16:25.0172 5820	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:16:25.0266 5820	Npfs - ok
08:16:25.0609 5820	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:16:25.0687 5820	nsiproxy - ok
08:16:26.0155 5820	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:16:26.0248 5820	Ntfs - ok
08:16:26.0763 5820	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:16:26.0826 5820	Null - ok
08:16:27.0512 5820	nvlddmkm        (9c42e75dadadd18a16482bcba773a63c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:16:27.0902 5820	nvlddmkm - ok
08:16:28.0276 5820	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:16:28.0308 5820	nvraid - ok
08:16:28.0620 5820	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:16:28.0651 5820	nvstor - ok
08:16:28.0994 5820	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:16:29.0025 5820	nv_agp - ok
08:16:29.0509 5820	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:16:29.0556 5820	ohci1394 - ok
08:16:29.0946 5820	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:16:29.0992 5820	Parport - ok
08:16:30.0258 5820	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:16:30.0289 5820	partmgr - ok
08:16:30.0570 5820	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:16:30.0616 5820	Parvdm - ok
08:16:30.0819 5820	pccsmcfd - ok
08:16:30.0913 5820	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:16:30.0944 5820	pci - ok
08:16:31.0396 5820	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:16:31.0428 5820	pciide - ok
08:16:31.0755 5820	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:16:31.0786 5820	pcmcia - ok
08:16:32.0130 5820	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:16:32.0161 5820	pcw - ok
08:16:32.0691 5820	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:16:32.0785 5820	PEAUTH - ok
08:16:33.0128 5820	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:16:33.0190 5820	PptpMiniport - ok
08:16:33.0596 5820	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:16:33.0658 5820	Processor - ok
08:16:33.0924 5820	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:16:33.0986 5820	Psched - ok
08:16:34.0267 5820	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
08:16:34.0376 5820	PSI - ok
08:16:34.0766 5820	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
08:16:34.0891 5820	PxHelp20 - ok
08:16:35.0328 5820	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:16:35.0421 5820	ql2300 - ok
08:16:35.0796 5820	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:16:35.0827 5820	ql40xx - ok
08:16:36.0108 5820	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:16:36.0139 5820	QWAVEdrv - ok
08:16:36.0310 5820	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:16:36.0388 5820	RasAcd - ok
08:16:36.0513 5820	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:16:36.0576 5820	RasAgileVpn - ok
08:16:36.0903 5820	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:16:36.0997 5820	Rasl2tp - ok
08:16:37.0200 5820	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:16:37.0278 5820	RasPppoe - ok
08:16:37.0496 5820	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:16:37.0574 5820	RasSstp - ok
08:16:37.0792 5820	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:16:37.0870 5820	rdbss - ok
08:16:38.0073 5820	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:16:38.0104 5820	rdpbus - ok
08:16:38.0167 5820	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:16:38.0229 5820	RDPCDD - ok
08:16:38.0432 5820	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:16:38.0479 5820	RDPDR - ok
08:16:38.0682 5820	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:16:38.0760 5820	RDPENCDD - ok
08:16:38.0931 5820	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:16:38.0978 5820	RDPREFMP - ok
08:16:39.0056 5820	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
08:16:39.0118 5820	RDPWD - ok
08:16:39.0337 5820	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:16:39.0368 5820	rdyboost - ok
08:16:39.0399 5820	regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
08:16:39.0430 5820	regi - ok
08:16:39.0633 5820	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
08:16:39.0711 5820	RFCOMM - ok
08:16:39.0945 5820	rimsptsk        (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
08:16:39.0976 5820	rimsptsk - ok
08:16:40.0273 5820	risdptsk        (53ea7c7d1d3c4b11ae0ea7c8d75c4e82) C:\Windows\system32\DRIVERS\risdptsk.sys
08:16:40.0351 5820	risdptsk - ok
08:16:40.0600 5820	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:16:40.0678 5820	rspndr - ok
08:16:40.0897 5820	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:16:40.0975 5820	s3cap - ok
08:16:41.0146 5820	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:16:41.0209 5820	SASKUTIL - ok
08:16:41.0458 5820	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:16:41.0490 5820	sbp2port - ok
08:16:41.0692 5820	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:16:41.0786 5820	scfilter - ok
08:16:42.0051 5820	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:16:42.0129 5820	secdrv - ok
08:16:42.0410 5820	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:16:42.0457 5820	Serenum - ok
08:16:42.0706 5820	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:16:42.0769 5820	Serial - ok
08:16:43.0003 5820	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:16:43.0065 5820	sermouse - ok
08:16:43.0346 5820	SFEP            (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
08:16:43.0408 5820	SFEP - ok
08:16:43.0674 5820	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:16:43.0736 5820	sffdisk - ok
08:16:44.0017 5820	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:16:44.0064 5820	sffp_mmc - ok
08:16:44.0298 5820	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:16:44.0344 5820	sffp_sd - ok
08:16:44.0625 5820	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:16:44.0672 5820	sfloppy - ok
08:16:44.0953 5820	shpf            (8d278fea49890e1526e44e41b1b74ddb) C:\Windows\system32\DRIVERS\shpf.sys
08:16:45.0031 5820	shpf - ok
08:16:45.0249 5820	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:16:45.0280 5820	sisagp - ok
08:16:45.0546 5820	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:16:45.0577 5820	SiSRaid2 - ok
08:16:45.0624 5820	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:16:45.0655 5820	SiSRaid4 - ok
08:16:45.0936 5820	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:16:45.0998 5820	Smb - ok
08:16:46.0185 5820	SPI             (225a17c6ad0207a058d728c0fa87e61d) C:\Windows\system32\DRIVERS\SonyPI.sys
08:16:46.0248 5820	SPI - ok
08:16:46.0435 5820	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:16:46.0450 5820	spldr - ok
08:16:46.0840 5820	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:16:46.0934 5820	srv - ok
08:16:47.0152 5820	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:16:47.0230 5820	srv2 - ok
08:16:47.0480 5820	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:16:47.0542 5820	srvnet - ok
08:16:47.0823 5820	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
08:16:47.0917 5820	ssadbus - ok
08:16:48.0198 5820	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
08:16:48.0322 5820	ssadmdfl - ok
08:16:48.0603 5820	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
08:16:48.0712 5820	ssadmdm - ok
08:16:48.0962 5820	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
08:16:49.0087 5820	sscdbus - ok
08:16:49.0305 5820	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
08:16:49.0430 5820	sscdmdfl - ok
08:16:49.0664 5820	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
08:16:49.0742 5820	sscdmdm - ok
08:16:49.0914 5820	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
08:16:49.0945 5820	ssmdrv - ok
08:16:49.0992 5820	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
08:16:50.0023 5820	StarOpen ( UnsignedFile.Multi.Generic ) - warning
08:16:50.0023 5820	StarOpen - detected UnsignedFile.Multi.Generic (1)
08:16:50.0304 5820	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:16:50.0335 5820	stexstor - ok
08:16:50.0584 5820	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:16:50.0616 5820	storflt - ok
08:16:51.0006 5820	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:16:51.0037 5820	storvsc - ok
08:16:51.0302 5820	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:16:51.0333 5820	swenum - ok
08:16:51.0692 5820	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
08:16:51.0770 5820	Tcpip - ok
08:16:52.0222 5820	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
08:16:52.0254 5820	TCPIP6 - ok
08:16:52.0612 5820	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:16:52.0690 5820	tcpipreg - ok
08:16:53.0158 5820	TcUsb           (53900527fa5e2ccc818c5894383772d1) C:\Windows\system32\Drivers\tcusb.sys
08:16:53.0283 5820	TcUsb - ok
08:16:53.0548 5820	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:16:53.0642 5820	TDPIPE - ok
08:16:53.0860 5820	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
08:16:53.0954 5820	TDTCP - ok
08:16:54.0204 5820	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:16:54.0297 5820	tdx - ok
08:16:54.0594 5820	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:16:54.0625 5820	TermDD - ok
08:16:54.0890 5820	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:16:54.0937 5820	tssecsrv - ok
08:16:55.0202 5820	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:16:55.0233 5820	TsUsbFlt - ok
08:16:55.0483 5820	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:16:55.0561 5820	tunnel - ok
08:16:55.0826 5820	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:16:55.0857 5820	uagp35 - ok
08:16:56.0060 5820	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:16:56.0154 5820	udfs - ok
08:16:56.0419 5820	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:16:56.0450 5820	uliagpkx - ok
08:16:56.0684 5820	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
08:16:56.0746 5820	umbus - ok
08:16:56.0824 5820	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:16:56.0871 5820	UmPass - ok
08:16:57.0121 5820	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
08:16:57.0183 5820	usbaudio - ok
08:16:57.0417 5820	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:16:57.0480 5820	usbccgp - ok
08:16:57.0729 5820	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:16:57.0807 5820	usbcir - ok
08:16:58.0041 5820	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
08:16:58.0088 5820	usbehci - ok
08:16:58.0353 5820	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:16:58.0400 5820	usbhub - ok
08:16:58.0728 5820	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:16:58.0790 5820	usbohci - ok
08:16:59.0071 5820	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:16:59.0149 5820	usbprint - ok
08:16:59.0492 5820	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:16:59.0554 5820	USBSTOR - ok
08:16:59.0929 5820	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
08:16:59.0976 5820	usbuhci - ok
08:17:00.0334 5820	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
08:17:00.0381 5820	usbvideo - ok
08:17:00.0646 5820	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
08:17:00.0724 5820	usb_rndisx - ok
08:17:01.0036 5820	VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
08:17:01.0161 5820	VClone - ok
08:17:01.0489 5820	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:17:01.0520 5820	vdrvroot - ok
08:17:01.0738 5820	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:17:01.0816 5820	vga - ok
08:17:02.0019 5820	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:17:02.0082 5820	VgaSave - ok
08:17:02.0440 5820	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:17:02.0456 5820	vhdmp - ok
08:17:02.0752 5820	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:17:02.0784 5820	viaagp - ok
08:17:03.0080 5820	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:17:03.0142 5820	ViaC7 - ok
08:17:03.0408 5820	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:17:03.0454 5820	viaide - ok
08:17:03.0688 5820	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:17:03.0720 5820	vmbus - ok
08:17:04.0000 5820	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:17:04.0063 5820	VMBusHID - ok
08:17:04.0297 5820	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:17:04.0328 5820	volmgr - ok
08:17:04.0624 5820	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:17:04.0640 5820	volmgrx - ok
08:17:05.0046 5820	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:17:05.0077 5820	volsnap - ok
08:17:05.0482 5820	vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
08:17:05.0498 5820	vpnva - ok
08:17:05.0810 5820	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:17:05.0826 5820	vsmraid - ok
08:17:06.0169 5820	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:17:06.0216 5820	vwifibus - ok
08:17:06.0465 5820	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:17:06.0496 5820	WacomPen - ok
08:17:06.0777 5820	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:17:06.0793 5820	WANARP - ok
08:17:06.0793 5820	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:17:06.0824 5820	Wanarpv6 - ok
08:17:07.0105 5820	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:17:07.0136 5820	Wd - ok
08:17:07.0479 5820	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:17:07.0526 5820	Wdf01000 - ok
08:17:07.0869 5820	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:17:07.0978 5820	WfpLwf - ok
08:17:08.0228 5820	WimFltr         (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:17:08.0244 5820	WimFltr - ok
08:17:08.0493 5820	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:17:08.0509 5820	WIMMount - ok
08:17:08.0790 5820	winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
08:17:08.0852 5820	winachsf - ok
08:17:09.0226 5820	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:17:09.0273 5820	WinUsb - ok
08:17:09.0601 5820	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:17:09.0663 5820	WmiAcpi - ok
08:17:09.0928 5820	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:17:10.0006 5820	ws2ifsl - ok
08:17:10.0396 5820	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:17:10.0443 5820	WudfPf - ok
08:17:10.0708 5820	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:17:10.0724 5820	WUDFRd - ok
08:17:10.0942 5820	XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
08:17:10.0989 5820	XAudio - ok
08:17:11.0270 5820	yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
08:17:11.0286 5820	yukonw7 - ok
08:17:11.0364 5820	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:17:11.0598 5820	\Device\Harddisk0\DR0 - ok
08:17:11.0613 5820	Boot (0x1200)   (ee6c8e7722f3e624661741eeb8a0c5e8) \Device\Harddisk0\DR0\Partition0
08:17:11.0613 5820	\Device\Harddisk0\DR0\Partition0 - ok
08:17:11.0613 5820	============================================================
08:17:11.0613 5820	Scan finished
08:17:11.0613 5820	============================================================
08:17:11.0629 5812	Detected object count: 3
08:17:11.0629 5812	Actual detected object count: 3
08:17:31.0878 5812	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
08:17:31.0878 5812	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:17:31.0878 5812	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:17:31.0878 5812	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:17:31.0878 5812	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
08:17:31.0878 5812	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von c_w (27.02.2012 um 08:38 Uhr)

Alt 27.02.2012, 10:41   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.02.2012, 11:58   #12
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-25.02 - Thomas 27.02.2012  11:45:09.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3003.1919 [GMT 1:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\remover.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-27 bis 2012-02-27  ))))))))))))))))))))))))))))))
.
.
2012-02-27 10:54 . 2012-02-27 10:54	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-02-27 10:54 . 2012-02-27 10:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-26 21:18 . 2012-02-27 07:11	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-24 19:29 . 2012-02-24 19:29	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9495231-C821-49A3-B8E3-750DE510134F}\offreg.dll
2012-02-24 16:18 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9495231-C821-49A3-B8E3-750DE510134F}\mpengine.dll
2012-02-15 17:19 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 17:19 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 17:19 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-03 21:32 . 2012-02-03 21:32	--------	d-----r-	c:\program files\Skype
2012-02-03 21:32 . 2012-02-03 21:32	--------	d-----w-	c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 16:55 . 2011-05-19 14:45	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 13:46 . 2011-10-14 18:01	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-15 17:19 . 2003-10-17 10:44	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-01-29 04:10 . 2009-10-03 09:11	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-20 17:15 . 2009-08-18 10:30	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-01-20 17:15 . 2009-08-18 10:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-10 12:57 . 2012-01-01 14:07	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-01-10 12:57 . 2010-08-04 16:07	567696	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-10 14:24 . 2010-08-04 20:56	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-29 15:39 . 2011-06-01 18:27	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-11-29 15:38 . 2011-11-29 15:38	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-11-29 15:38 . 2011-11-29 15:38	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-11-29 15:38 . 2011-11-29 15:38	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-11-29 15:38 . 2012-01-01 15:21	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-02-21 21:09 . 2011-03-10 16:33	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55	87304	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"GizmoDriveDelegate"="c:\program files\Gizmo\gizmo.exe" [2011-11-26 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-06-06 122880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-10-03 24576]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-02 151064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-22 13797920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-03-23 519632]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-16 220744]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-15 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-17 26530760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-21 768552]
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe [2011-11-26 223640]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-7-9 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-02-26 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-03-23 77968]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 30312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-31 29736]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2011-03-07 29248]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2011-03-07 29248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 135664]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1343400]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-06-26 22944]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 GizmoDrv;Gizmo Device Driver; [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2012-02-26 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-02-26 116608]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-06 217088]
S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2011-11-26 34728]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-03-23 435152]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-06 36640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-04-01 9344]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2008-04-01 14720]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1086568]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 88250157
*Deregistered* - 88250157
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
{3BDC22CA-F1E2-47F9-BD4B0368F8B265BB}
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:12]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-28 16:12]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830961823-3395450180-1696562346-1003Core.job
- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-14 17:42]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-830961823-3395450180-1696562346-1003UA.job
- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-14 17:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 134.130.4.1 134.130.5.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\yy3dg203.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-830961823-3395450180-1696562346-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,a9,81,da,35,1d,3d,32,9c,84,b8,b6,5d,bc,b4,3f,a9,b6,32,93,9e,14,17,
   a1,0f,00,bd,7b,a7,d1,99,a6,36,05,74,a3,d1,00,c6,2e,12,55,54,20,4a,2b,d2,00,\
"??"=hex:43,bd,a1,b0,41,87,37,4d,88,91,b8,2e,f5,59,78,ea
.
[HKEY_USERS\S-1-5-21-830961823-3395450180-1696562346-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,ec,a3,d3,3c,6c,c3,59,5c,d0,11,7a,ec,07,8a,68,9d,c8,f5,76,ad,
   74,f9,0f,2a,1d,ed,03,69,41,68,57,14,07,57,88,36,b2,fd,3f,b1,cc,74,0f,3a,d2,\
"rkeysecu"=hex:b1,4b,28,43,d0,ba,be,20,9c,6f,98,e6,8f,0a,a7,51
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-27  11:56:48
ComboFix-quarantined-files.txt  2012-02-27 10:56
ComboFix2.txt  2010-08-07 13:32
.
Vor Suchlauf: 19 Verzeichnis(se), 10.480.828.416 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 10.274.152.448 Bytes frei
.
- - End Of File - - 0CC745C23F53FD49B4E3A0A4EDDDE1A0
--- --- ---
Alt 27.02.2012, 12:35   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.02.2012, 16:30   #14
c_w
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Hallo,

GMER hat im 2ten Durchlauf funktioniert (hat aber echt lange gedauert ;-) ).

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-28 16:28:36
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LB01
Running: sl6v5cvg.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwddipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                         8305D369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                83096D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                            Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Thomas\AppData\Local\Temp\catchme.sys                                                        Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Thunderbird\thunderbird.exe[648] ntdll.dll!LdrLoadDll                        7766223E 5 Bytes  JMP 5AAFF6CD C:\Program Files\Mozilla Thunderbird\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[4120] kernel32.dll!SetUnhandledExceptionFilter  7712F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4244] USER32.dll!GetWindowInfo                  77774B5E 5 Bytes  JMP 5D040924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4244] USER32.dll!TrackPopupMenu                 77782228 3 Bytes  JMP 5D040ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4244] USER32.dll!TrackPopupMenu + 4             7778222C 1 Byte  [E5]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4680] ntdll.dll!LdrLoadDll                               7766223E 5 Bytes  JMP 5CEC5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                       [743E2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                  [743C5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                 [743C56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                        [743E24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]              [743D8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                [743D4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]               [743D506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]              [743D5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]     [743D6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]               [743D826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]          [743D87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]        [743D901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]              [743DE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5844] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                  [743D4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000062                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00214f5015db                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00214f5015db (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)         

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                 malicious Win32:MBRoot code @ sector 390719923

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM und aswMBR mach ich dann jetzt.

OSAM:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:38:35 on 28.02.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-830961823-3395450180-1696562346-1003Core.job" - "Google Inc." - C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-830961823-3395450180-1696562346-1003UA.job" - "Google Inc." - C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"RTSndMgr.cpl" - "Realtek Semiconductor Corp." - C:\Windows\system32\RTSndMgr.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acsock" (acsock) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsock.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Thomas\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"connctfyMP" (connctfyMP) - "Connectify" - C:\Windows\System32\DRIVERS\connctfy.sys
"Connectify Service" (connctfy) - "Connectify" - C:\Windows\System32\DRIVERS\connctfy.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Gizmo Device Driver" (GizmoDrv) - "Arainia Solutions LLC" - C:\Windows\system32\drivers\GizmoDrv.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Nokia USB Flashing Generic" (nmwcdnsuc) - ? - C:\Windows\System32\drivers\nmwcdnsuc.sys  (File not found)
"Nokia USB Flashing Phone Parent" (nmwcdnsu) - ? - C:\Windows\System32\drivers\nmwcdnsu.sys  (File not found)
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\Windows\System32\drivers\RTKVHDA.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"Sony HDD Protection Filter Driver" (shpf) - "Sony Corporation" - C:\Windows\System32\DRIVERS\shpf.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"uwddipoc" (uwddipoc) - ? - C:\Users\Thomas\AppData\Local\Temp\uwddipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_03" - ? - C:\Program Files\Java\jre7\bin\npjpi160_31.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.3.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
"Gizmo.lnk" - "Arainia Solutions" - C:\Program Files\Gizmo\gizmo.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"GizmoDriveDelegate" - "Arainia Solutions" - "C:\Program Files\Gizmo\gizmo.exe" /RemountStartupImages
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Cisco AnyConnect Secure Mobility Agent for Windows" - "Cisco Systems, Inc." - "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MarketingTools" - "Sony Corporation" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor3_2" - "CANON INC." - C:\Windows\system32\CNBLM3_2.DLL
"PCL hpz3llhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3llhn.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Gizmo Central" (Gizmo Central) - "Arainia Solutions" - C:\Program Files\Gizmo\gservice.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]
Geändert von c_w (28.02.2012 um 16:39 Uhr)

Alt 28.02.2012, 20:45   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Searchcompletion hat Firefoxsuche übernommen - Standard

Searchcompletion hat Firefoxsuche übernommen


Was ist mit aswMBR?
Wenn das abstürzt:
Starte aswMBR neu, wähle unten links im Drobdownmenü bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 3 1 23

Themen zu Searchcompletion hat Firefoxsuche übernommen
.com, about, adressleiste, android, archive, bereits, config, durchführen, eset, führt, gefunde, hilft, hänge, malwarebytes, neuste, online, problem, programm, scan, secunia psi, suche, system, thread, verändert, ähnliches


« ist das ein trojaner oder was | "Achtung! Ihr Windows System wurde blockiert" - Bildschirm nach der Anmeldung »


Ähnliche Themen: Searchcompletion hat Firefoxsuche übernommen


  1. isearch.searchcompletion.com (Search Completion) entfernen
    Anleitungen, FAQs & Links - 03.08.2014 (2)
  2. Pc schon 3 übernommen und nichts half.
    Log-Analyse und Auswertung - 04.03.2014 (1)
  3. Bankautomaten per USB-Stick übernommen
    Nachrichten - 03.01.2014 (0)
  4. Search.searchcompletion.com übernimmt Google Suchmaschine
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (29)
  5. search.searchcompletion.com hat meinen Firefox
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (27)
  6. Android- und Nokia-Smartphones per NFC übernommen
    Nachrichten - 26.07.2012 (0)
  7. Umleitung auf searchcompletion.com
    Log-Analyse und Auswertung - 17.04.2012 (36)
  8. Trojaner - 50 € zahlen + http://search.searchcompletion.com
    Log-Analyse und Auswertung - 15.01.2012 (3)
  9. Google wurde durch searchcompletion ersetzt
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (26)
  10. searchcompletion.com hat Firefox übernommen
    Log-Analyse und Auswertung - 11.10.2011 (33)
  11. Searchcompletion.com hat mein Google übernommen
    Plagegeister aller Art und deren Bekämpfung - 24.09.2011 (34)
  12. Searchcompletion.com tritt sporadisch auf
    Log-Analyse und Auswertung - 24.09.2011 (11)
  13. Festplatte übernommen. Nun geht die Virenjagt los..
    Log-Analyse und Auswertung - 04.05.2011 (8)
  14. Gpedit Einstellungen Werden Nicht übernommen
    Alles rund um Windows - 13.07.2010 (0)
  15. PC übernommen und einige Probleme
    Log-Analyse und Auswertung - 27.06.2007 (8)
  16. Verseuchter Laptop übernommen :/
    Log-Analyse und Auswertung - 04.11.2006 (2)
  17. systemeinstellungen werden nicht übernommen
    Alles rund um Windows - 12.01.2006 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Searchcompletion hat Firefoxsuche übernommen - Hallo, ich habe ein ähnliches Problem wie in diesem Thread hier beschrieben: http://www.trojaner-board.de/103772-...bernommen.html D.h. die Suche über die Adressleiste von Firefox führt immer auf die searchcompletion.com Website. Den entsprechenden Wert - Searchcompletion hat Firefoxsuche übernommen...
Archiv
Du betrachtest: Searchcompletion hat Firefoxsuche übernommen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131