Trojaner-Board - Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten! (https://www.trojaner-board.de/107723-malwarebytes-findet-pup-vshareredir-registry-bitte-logfile-auswerten.html)

Malwarebytes findet " PUP.VShareRedir "Registry bitte Logfile auswerten!

Guten Tag an alle,

habe ein Problem Malwarebytes identifiziert PUP.VShareRedir als infizierte Regdatei. Was kann das sein? Was kann ich tun? ... Ich nutze Windows 7 SP1 und habe als Antivirlösung Avira und halte meine Software mit Secunia Up to Date. Ebenso ist wie schon bemerkt Malwarebytes im Einsatz. Hier mein OTL Log:

OTL logfile created on: 07.01.2012 13:58:14 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 60,28% Memory free
5,93 Gb Paging File | 4,69 Gb Available in Paging File | 79,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,09 Gb Total Space | 8,10 Gb Free Space | 20,20% Space Free | Partition Type: NTFS
Drive D: | 245,00 Gb Total Space | 26,63 Gb Free Space | 10,87% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - D:\Programme\WINRAR\RarExt.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 12:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.12.01 12:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.12.26 12:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Games\poker2\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Games\poker\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B11D610-01F6-4AAB-B0AF-233A52D16215}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1161126A-9E83-4B0A-8005-392BF17A62E6}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell - "" = AutoRun
O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig - StartUpReg: Linkury Chrome Smartbar - hkey= - key= - C:\Program Files\Linkury\Linkury.exe (Linkury)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: nmapp - hkey= - key= - File not found
MsConfig - StartUpReg: nmctxth - hkey= - key= - File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.07 13:03:55 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\backups
[2012.01.07 12:59:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HiJackThis204.exe
[2012.01.04 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.01.04 13:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.01.04 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.01.03 21:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2012.01.03 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2012.01.02 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\WindowsUpdate
[2011.12.18 15:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARIS Business Performance Edition
[2011.12.18 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\ARIS7.1
[2011.12.18 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\ARIS710_PLATFORM_501900
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.07 14:02:09 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 14:02:09 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.07 13:58:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.07 13:58:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.07 13:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 13:54:17 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.07 13:53:20 | 000,000,020 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.01.07 13:51:18 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\v7h3t9bo.exe
[2012.01.07 13:51:10 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.01.07 12:59:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\****\Desktop\HiJackThis204.exe
[2012.01.07 11:55:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.07 11:55:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.07 11:55:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.07 11:55:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 13:26:51 | 002,086,240 | ---- | M] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2012.01.03 21:49:24 | 000,001,027 | ---- | M] () -- C:\Users\****\Desktop\Free M4a to MP3 Converter.lnk
[2012.01.03 12:54:49 | 003,477,536 | ---- | M] () -- C:\Users\****\Desktop\WRT160Nv3_0_03_003.code1.bin
[2012.01.03 12:13:35 | 000,416,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.26 12:14:37 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.26 12:01:17 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.18 15:14:45 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk
[2011.12.18 15:12:29 | 000,021,617 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.07 13:53:06 | 000,000,020 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.01.07 13:51:18 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\v7h3t9bo.exe
[2012.01.07 13:51:10 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.01.04 13:26:50 | 002,086,240 | ---- | C] () -- C:\Users\****\Desktop\SecurityTaskManager_Setup.exe
[2012.01.03 21:49:24 | 000,001,027 | ---- | C] () -- C:\Users\****\Desktop\Free M4a to MP3 Converter.lnk
[2012.01.03 12:54:49 | 003,477,536 | ---- | C] () -- C:\Users\****\Desktop\WRT160Nv3_0_03_003.code1.bin
[2011.12.26 12:14:37 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.26 12:01:17 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.18 15:14:45 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk
[2011.11.03 19:26:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011.11.03 19:26:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011.11.03 19:26:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011.11.03 19:26:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011.11.03 19:26:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011.05.31 20:41:40 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{09C41884-1F45-41E1-8676-A7BCD1DF561F}
[2010.11.27 01:20:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.25 01:47:52 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.04.24 19:56:04 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2010.03.21 19:13:45 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.03.16 18:54:10 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010.03.16 18:49:09 | 000,000,133 | ---- | C] () -- C:\Users\****\AppData\Roaming\burnaware.ini
[2010.03.16 09:13:28 | 000,226,695 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.03.16 09:13:28 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.03.11 13:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.30 04:14:28 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.09.30 04:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.09.30 04:14:28 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.09.30 04:14:28 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,416,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

========== LOP Check ==========

[2010.03.15 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Alle meine Passworte
[2011.07.16 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\avidemux
[2010.03.16 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2010.04.25 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.03.26 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2011.12.19 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.03.23 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NCH Swift Sound
[2011.11.06 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy
[2010.05.25 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2011.01.12 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\pschmid.net
[2011.12.22 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SAP
[2010.03.23 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\streamripper
[2011.01.25 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.11.17 13:52:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011.11.30 09:21:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.31 12:25:01 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2011.09.30 13:51:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.06 20:10:45 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.10.04 11:20:23 | 000,000,000 | ---D | M] -- C:\divx
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.04 10:47:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.08.14 11:49:49 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.04.28 09:11:03 | 000,000,000 | ---D | M] -- C:\Intel
[2009.09.19 13:16:19 | 000,000,000 | ---D | M] -- C:\KM900
[2011.07.14 13:05:52 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.07 12:45:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.04 13:27:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.07.04 10:47:45 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.11 13:28:37 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.04 08:18:29 | 000,000,000 | ---D | M] -- C:\SAP
[2010.07.27 09:46:40 | 000,000,000 | ---D | M] -- C:\swsetup
[2012.01.07 14:01:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.30 09:21:26 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.06 10:37:34 | 000,000,000 | ---D | M] -- C:\Windows
[2010.04.22 19:29:06 | 000,000,000 | ---D | M] -- C:\Windows.old
[2011.07.15 11:29:50 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
[2008.04.14 07:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\Neuer Ordner\I386\REGEDIT.EXE
[2008.04.14 07:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\Users\****\Desktop\Neuer Ordner\I386\REGEDIT.EXE

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-06 09:42:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:15D5AA51
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >

Ich danke euch schonmal im Voraus für eure Hilfe!

Zitat:

Was kann das sein?

Können wir die nicht sagen weil das Log von Malwarebytes nicht gepostet wurde

Immer alle Logs davon posten!!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hier die MB Logs:

Code:

 Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8096
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

06.11.2011 12:46:27

mbam-log-2011-11-06 (12-46-27).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 174890

Laufzeit: 6 Minute(n), 32 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

 Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8096
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

07.11.2011 22:14:23

mbam-log-2011-11-07 (22-14-23).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 176182

Laufzeit: 8 Minute(n), 6 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

 Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8251
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

27.11.2011 11:29:19

mbam-log-2011-11-27 (11-29-19).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 174413

Laufzeit: 6 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

 Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.07.01
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jan :: JAN-PC [Administrator]
 

Schutz: Aktiviert
 

07.01.2012 12:43:02

mbam-log-2012-01-07 (12-43-02).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 0

Laufzeit: 5 Sekunde(n) [Abgebrochen]
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

 Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.07.01
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jan :: JAN-PC [Administrator]
 

Schutz: Aktiviert
 

07.01.2012 15:25:01

mbam-log-2012-01-07 (15-25-01).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 370937

Laufzeit: 1 Stunde(n), 33 Minute(n), 40 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Ah, das scheint von vShare TV Plugin zu sein. Haste sowas installiert (gehabt)?

ist gut möglich aber wäre dann schon länger her. Deswegen erscheint es mir auch komisch, dass MB es erst jetzt anzeigt. wie sieht es mit meinem OTL log aus kannst du mir dazu was sagen ob der sauber ist?

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hiho..

also ich will mich bis hierhin ersteinmal recht herzlich für die strukturierte Hilfe bedanken. Es ist sicherlich nicht selbstverständlich, dass hier freiwillig so viel Zeit für die Pc Wehwechen anderer eingesetzt wird.

Der Virenscan kommt, habe ihn leider unterschätzt läuft jetzt schon 2.5h und kein Ende in Sicht :).

Hmm und das ist alles :D ? ... ESEt hat 5mal win32/toolbar linkury als infiziert entdeckt sonst nichts.

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Sorry ... habs das erstemal ohne Adminrechte ausgeführt... hier das ausführliche LOG.

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a18822e12e657243813aeb9350fb5e86

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-08 03:57:51

# local_time=2012-01-08 04:57:51 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 100 507665 101540849 8045 0

# compatibility_mode=5893 16776573 100 94 19917 77660333 0 0

# compatibility_mode=8192 67108863 100 0 77196 77196 0 0

# scanned=184365

# found=5

# cleaned=0

# scan_time=9128

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_5.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_6.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Linkury\linkuryfirefoxremoteplugin@linkury.com\components\LinkuryFireFoxRemotePlugin_7.dll        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Users\****\AppData\Roaming\OpenCandy\1489F122F0C64AD99FB499332F35AE4B\LinkuryInstaller.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

C:\Windows\Installer\f174e7.msi        Win32/Toolbar.Linkury application (unable to clean)        00000000000000000000000000000000        I

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der aktuelle Log::

OTL Logfile:

Code:

OTL logfile created on: 08.01.2012 21:09:54 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\**** \Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,97 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,86% Memory free

5,93 Gb Paging File | 4,96 Gb Available in Paging File | 83,66% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 40,09 Gb Total Space | 7,81 Gb Free Space | 19,48% Space Free | Partition Type: NTFS

Drive D: | 245,00 Gb Total Space | 25,27 Gb Free Space | 10,31% Space Free | Partition Type: NTFS

 

Computer Name: **** | User Name: **** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Users\**** \Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - D:\Programme\WINRAR\RarExt.dll ()

MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 12:01:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.12.01 12:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**** \AppData\Roaming\mozilla\Extensions

[2011.12.26 12:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Games\poker2\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Games\poker\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B11D610-01F6-4AAB-B0AF-233A52D16215}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1161126A-9E83-4B0A-8005-392BF17A62E6}: DhcpNameServer = 192.168.0.1 78.42.43.62 82.212.62.62

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell - "" = AutoRun

O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell - "" = AutoRun

O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)

MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found

MsConfig - StartUpReg: Linkury Chrome Smartbar - hkey= - key= - C:\Program Files\Linkury\Linkury.exe (Linkury)

MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: nmapp - hkey= - key= -  File not found

MsConfig - StartUpReg: nmctxth - hkey= - key= -  File not found

MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.07 17:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.01.07 13:03:55 | 000,000,000 | ---D | C] -- C:\Users\**** \Desktop\backups

[2012.01.07 12:59:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\**** \Desktop\HiJackThis204.exe

[2012.01.04 13:35:58 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012.01.04 13:35:57 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2012.01.04 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2012.01.04 13:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager

[2012.01.04 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2012.01.03 21:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter

[2012.01.03 21:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter

[2012.01.02 18:46:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

[2012.01.02 18:46:31 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2012.01.02 18:46:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe

[2012.01.02 18:45:53 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

[2012.01.02 18:45:53 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

[2012.01.02 18:45:52 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

[2012.01.02 18:45:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

[2012.01.02 18:45:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

[2012.01.02 18:45:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

[2012.01.02 18:45:50 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2012.01.02 18:45:49 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2012.01.02 18:45:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2012.01.02 18:45:44 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012.01.02 18:45:42 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys

[2012.01.02 18:45:42 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys

[2012.01.02 18:44:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

[2012.01.02 18:42:03 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

[2012.01.02 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\**** \AppData\Local\WindowsUpdate

[2011.12.18 15:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARIS Business Performance Edition

[2011.12.18 15:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\ARIS7.1

[2011.12.18 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\**** \Desktop\ARIS710_PLATFORM_501900

[2011.12.16 16:32:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.12.16 16:32:13 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.12.16 16:32:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.12.16 16:32:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.12.16 16:32:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.12.16 16:32:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.12.16 08:26:31 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.12.16 08:26:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011.12.16 08:26:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2011.12.16 08:26:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2011.12.16 08:26:13 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011.12.16 08:26:12 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Users\**** \Desktop\*.tmp files -> C:\Users\**** \Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.08 20:58:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.08 20:50:18 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.08 20:50:18 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.08 20:42:59 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.08 20:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.08 20:42:37 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.07 15:08:34 | 000,001,284 | ---- | M] () -- C:\Users\**** \Desktop\gmer.zip

[2012.01.07 13:53:20 | 000,000,020 | ---- | M] () -- C:\Users\**** \defogger_reenable

[2012.01.07 13:51:18 | 000,302,592 | ---- | M] () -- C:\Users\**** \Desktop\v7h3t9bo.exe

[2012.01.07 13:51:10 | 000,050,477 | ---- | M] () -- C:\Users\**** \Desktop\Defogger.exe

[2012.01.07 12:59:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\**** \Desktop\HiJackThis204.exe

[2012.01.07 11:55:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.01.07 11:55:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.01.07 11:55:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.01.07 11:55:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.01.04 13:26:51 | 002,086,240 | ---- | M] () -- C:\Users\**** \Desktop\SecurityTaskManager_Setup.exe

[2012.01.03 21:49:24 | 000,001,027 | ---- | M] () -- C:\Users\**** \Desktop\Free M4a to MP3 Converter.lnk

[2012.01.03 12:54:49 | 003,477,536 | ---- | M] () -- C:\Users\**** \Desktop\WRT160Nv3_0_03_003.code1.bin

[2012.01.03 12:13:35 | 000,416,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.26 12:14:37 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011.12.26 12:01:17 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.12.18 15:14:45 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk

[2011.12.18 15:12:29 | 000,021,617 | ---- | M] () -- C:\Windows\System32\drivers\etc\services

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Users\**** \Desktop\*.tmp files -> C:\Users\**** \Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.07 15:08:34 | 000,001,284 | ---- | C] () -- C:\Users\**** \Desktop\gmer.zip

[2012.01.07 13:53:06 | 000,000,020 | ---- | C] () -- C:\Users\**** \defogger_reenable

[2012.01.07 13:51:18 | 000,302,592 | ---- | C] () -- C:\Users\**** \Desktop\v7h3t9bo.exe

[2012.01.07 13:51:10 | 000,050,477 | ---- | C] () -- C:\Users\**** \Desktop\Defogger.exe

[2012.01.04 13:26:50 | 002,086,240 | ---- | C] () -- C:\Users\**** \Desktop\SecurityTaskManager_Setup.exe

[2012.01.03 21:49:24 | 000,001,027 | ---- | C] () -- C:\Users\**** \Desktop\Free M4a to MP3 Converter.lnk

[2012.01.03 12:54:49 | 003,477,536 | ---- | C] () -- C:\Users\**** \Desktop\WRT160Nv3_0_03_003.code1.bin

[2011.12.26 12:14:37 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011.12.26 12:01:17 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.12.18 15:14:45 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\ARIS Business Architect 7.1.lnk

[2011.11.03 19:26:42 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll

[2011.11.03 19:26:42 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll

[2011.11.03 19:26:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll

[2011.11.03 19:26:42 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll

[2011.11.03 19:26:42 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll

[2011.05.31 20:41:40 | 000,000,000 | ---- | C] () -- C:\Users\**** \AppData\Local\{09C41884-1F45-41E1-8676-A7BCD1DF561F}

[2010.11.27 01:20:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.04.25 01:47:52 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat

[2010.04.24 19:56:04 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini

[2010.03.21 19:13:45 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010.03.16 18:54:10 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb

[2010.03.16 18:49:09 | 000,000,133 | ---- | C] () -- C:\Users\**** \AppData\Roaming\burnaware.ini

[2010.03.16 09:13:28 | 000,226,695 | ---- | C] () -- C:\Windows\hpoins18.dat

[2010.03.16 09:13:28 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2010.03.11 13:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.09.30 04:14:28 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.09.30 04:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.09.30 04:14:28 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.09.30 04:14:28 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 000,416,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe

[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.03.14 19:26:07 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Adobe

[2010.03.15 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Alle meine Passworte

[2010.11.03 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Apple Computer

[2011.07.16 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\avidemux

[2010.03.16 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Canneverbe Limited

[2010.04.25 01:37:52 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\DAEMON Tools Lite

[2011.10.20 18:46:18 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\dvdcss

[2010.03.26 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\GetRightToGo

[2010.03.24 08:51:14 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\HP

[2011.12.19 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\ICQ

[2010.03.11 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Identities

[2010.03.11 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Macromedia

[2010.11.05 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Malwarebytes

[2009.07.14 08:48:18 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Media Center Programs

[2011.10.14 19:50:12 | 000,000,000 | --SD | M] -- C:\Users\**** \AppData\Roaming\Microsoft

[2011.11.21 20:24:20 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\mIRC

[2011.12.01 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Mozilla

[2010.03.19 16:04:02 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\NCH Software

[2010.03.23 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\NCH Swift Sound

[2011.11.06 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\OpenCandy

[2010.05.25 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Opera

[2011.01.12 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\pschmid.net

[2011.12.22 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\SAP

[2011.04.12 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\Skype

[2011.04.12 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\skypePM

[2010.03.23 13:54:34 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\streamripper

[2011.01.25 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\TS3Client

[2012.01.08 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\vlc

[2010.03.11 13:45:46 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\winamp

[2010.03.16 13:34:45 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\winamp)

[2010.03.13 23:16:33 | 000,000,000 | ---D | M] -- C:\Users\**** \AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.03.21 19:15:07 | 000,010,134 | R--- | M] () -- C:\Users\**** \AppData\Roaming\Microsoft\Installer\{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}\ARPPRODUCTICON.exe

[2010.12.28 12:06:33 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\**** \AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2011.11.06 15:27:06 | 005,750,064 | ---- | M] () -- C:\Users\**** \AppData\Roaming\OpenCandy\1489F122F0C64AD99FB499332F35AE4B\LinkuryInstaller_p1v6.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Neuer Ordner\I386\sp3.cab:AGP440.sys

[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Users\**** \Desktop\Neuer Ordner\I386\sp3.cab:AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Neuer Ordner\I386\sp3.cab:atapi.sys

[2011.06.14 19:26:00 | 017,826,376 | ---- | M] () .cab file -- C:\Users\**** \Desktop\Neuer Ordner\I386\sp3.cab:atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:15D5AA51

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D31BE97C

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1
 

< End of report >

--- --- ---
[/code]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell - "" = AutoRun

O33 - MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\Shell\AutoRun\command - "" = F:\autorun.exe

O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell - "" = AutoRun

O33 - MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:15D5AA51

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D31BE97C

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Und hier der neue Log :

Code:

 All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8222de6c-5002-11df-ba60-001377febcec}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8222de6c-5002-11df-ba60-001377febcec}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8222de6c-5002-11df-ba60-001377febcec}\ not found.

File F:\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eee052c5-306c-11df-9967-001377febcec}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eee052c5-306c-11df-9967-001377febcec}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eee052c5-306c-11df-9967-001377febcec}\ not found.

File I:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.

File I:\LaunchU3.exe -a not found.

ADS C:\ProgramData\TEMP:15D5AA51 deleted successfully.

ADS C:\ProgramData\TEMP:D31BE97C deleted successfully.

ADS C:\ProgramData\TEMP:260575F1 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: FH

->Temp folder emptied: 13789485 bytes

->Temporary Internet Files folder emptied: 22237064 bytes

->Java cache emptied: 0 bytes

->Opera cache emptied: 24417622 bytes

->Flash cache emptied: 4978 bytes

 

User: ****

->Temp folder emptied: 204178393 bytes

->Temporary Internet Files folder emptied: 226894608 bytes

->Java cache emptied: 9720888 bytes

->FireFox cache emptied: 213052942 bytes

->Opera cache emptied: 27369596 bytes

->Flash cache emptied: 727 bytes

 

User: Public

 

User: Xtix

->Temp folder emptied: 38577794 bytes

->Temporary Internet Files folder emptied: 2672011 bytes

->Java cache emptied: 0 bytes

->Opera cache emptied: 12949987 bytes

->Flash cache emptied: 611 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 50752195 bytes

RecycleBin emptied: 2050325 bytes

 

Total Files Cleaned = 809,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01082012_221424
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Und weiter gehts ;)

Code:

 22:33:15.0846 3532        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

22:33:15.0911 3532        ============================================================

22:33:15.0911 3532        Current date / time: 2012/01/08 22:33:15.0911

22:33:15.0911 3532        SystemInfo:

22:33:15.0911 3532        

22:33:15.0911 3532        OS Version: 6.1.7601 ServicePack: 1.0

22:33:15.0911 3532        Product type: Workstation

22:33:15.0913 3532        ComputerName: ***-PC

22:33:15.0913 3532        UserName: ****

22:33:15.0913 3532        Windows directory: C:\Windows

22:33:15.0913 3532        System windows directory: C:\Windows

22:33:15.0913 3532        Processor architecture: Intel x86

22:33:15.0913 3532        Number of processors: 2

22:33:15.0913 3532        Page size: 0x1000

22:33:15.0913 3532        Boot type: Normal boot

22:33:15.0913 3532        ============================================================

22:33:17.0538 3532        Initialize success

22:34:00.0249 0984        ============================================================

22:34:00.0249 0984        Scan started

22:34:00.0249 0984        Mode: Manual; SigCheck; TDLFS; 

22:34:00.0249 0984        ============================================================

22:34:00.0814 0984        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

22:34:00.0931 0984        1394ohci - ok

22:34:00.0994 0984        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

22:34:01.0011 0984        ACPI - ok

22:34:01.0059 0984        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

22:34:01.0086 0984        AcpiPmi - ok

22:34:01.0206 0984        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

22:34:01.0226 0984        adp94xx - ok

22:34:01.0429 0984        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

22:34:01.0449 0984        adpahci - ok

22:34:01.0474 0984        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

22:34:01.0486 0984        adpu320 - ok

22:34:01.0561 0984        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

22:34:01.0679 0984        AFD - ok

22:34:01.0726 0984        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

22:34:01.0741 0984        agp440 - ok

22:34:01.0789 0984        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

22:34:01.0801 0984        aic78xx - ok

22:34:01.0901 0984        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

22:34:01.0919 0984        aliide - ok

22:34:01.0959 0984        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

22:34:01.0969 0984        amdagp - ok

22:34:02.0001 0984        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

22:34:02.0014 0984        amdide - ok

22:34:02.0111 0984        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

22:34:02.0181 0984        AmdK8 - ok

22:34:02.0214 0984        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

22:34:02.0241 0984        AmdPPM - ok

22:34:02.0289 0984        amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

22:34:02.0301 0984        amdsata - ok

22:34:02.0331 0984        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

22:34:02.0344 0984        amdsbs - ok

22:34:02.0361 0984        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

22:34:02.0371 0984        amdxata - ok

22:34:02.0516 0984        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

22:34:02.0556 0984        AppID - ok

22:34:02.0601 0984        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

22:34:02.0614 0984        arc - ok

22:34:02.0636 0984        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

22:34:02.0649 0984        arcsas - ok

22:34:02.0691 0984        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

22:34:02.0824 0984        AsyncMac - ok

22:34:03.0034 0984        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

22:34:03.0046 0984        atapi - ok

22:34:03.0131 0984        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys

22:34:03.0196 0984        athr - ok

22:34:03.0391 0984        atikmdag        (745c79700646c3f285cd09775618a04b) C:\Windows\system32\DRIVERS\atikmdag.sys

22:34:03.0521 0984        atikmdag - ok

22:34:03.0631 0984        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

22:34:03.0644 0984        avgio - ok

22:34:03.0769 0984        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys

22:34:03.0814 0984        avgntflt - ok

22:34:03.0839 0984        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys

22:34:03.0854 0984        avipbb - ok

22:34:03.0936 0984        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

22:34:03.0976 0984        b06bdrv - ok

22:34:04.0059 0984        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

22:34:04.0091 0984        b57nd60x - ok

22:34:04.0131 0984        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

22:34:04.0181 0984        Beep - ok

22:34:04.0221 0984        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

22:34:04.0261 0984        blbdrive - ok

22:34:04.0309 0984        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

22:34:04.0349 0984        bowser - ok

22:34:04.0384 0984        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:34:04.0429 0984        BrFiltLo - ok

22:34:04.0641 0984        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:34:04.0689 0984        BrFiltUp - ok

22:34:04.0726 0984        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

22:34:04.0759 0984        Brserid - ok

22:34:04.0791 0984        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

22:34:04.0819 0984        BrSerWdm - ok

22:34:04.0854 0984        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:34:04.0909 0984        BrUsbMdm - ok

22:34:04.0941 0984        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

22:34:04.0991 0984        BrUsbSer - ok

22:34:05.0019 0984        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

22:34:05.0059 0984        BTHMODEM - ok

22:34:05.0101 0984        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

22:34:05.0146 0984        cdfs - ok

22:34:05.0219 0984        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

22:34:05.0251 0984        cdrom - ok

22:34:05.0294 0984        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

22:34:05.0334 0984        circlass - ok

22:34:05.0384 0984        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

22:34:05.0399 0984        CLFS - ok

22:34:05.0469 0984        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

22:34:05.0496 0984        CmBatt - ok

22:34:05.0541 0984        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

22:34:05.0551 0984        cmdide - ok

22:34:05.0581 0984        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

22:34:05.0601 0984        CNG - ok

22:34:05.0624 0984        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

22:34:05.0634 0984        Compbatt - ok

22:34:05.0676 0984        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

22:34:05.0691 0984        CompositeBus - ok

22:34:05.0726 0984        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

22:34:05.0736 0984        crcdisk - ok

22:34:05.0816 0984        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

22:34:05.0874 0984        DfsC - ok

22:34:05.0896 0984        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

22:34:05.0946 0984        discache - ok

22:34:05.0991 0984        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

22:34:06.0004 0984        Disk - ok

22:34:06.0066 0984        Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

22:34:06.0099 0984        Dot4 - ok

22:34:06.0221 0984        Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys

22:34:06.0281 0984        Dot4Print - ok

22:34:06.0366 0984        dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

22:34:06.0411 0984        dot4usb - ok

22:34:06.0526 0984        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

22:34:06.0556 0984        drmkaud - ok

22:34:06.0614 0984        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

22:34:06.0644 0984        DXGKrnl - ok

22:34:06.0774 0984        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

22:34:06.0864 0984        ebdrv - ok

22:34:06.0909 0984        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

22:34:06.0927 0984        elxstor - ok

22:34:06.0969 0984        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

22:34:06.0999 0984        ErrDev - ok

22:34:07.0042 0984        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

22:34:07.0089 0984        exfat - ok

22:34:07.0119 0984        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

22:34:07.0172 0984        fastfat - ok

22:34:07.0212 0984        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

22:34:07.0239 0984        fdc - ok

22:34:07.0269 0984        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

22:34:07.0282 0984        FileInfo - ok

22:34:07.0307 0984        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

22:34:07.0357 0984        Filetrace - ok

22:34:07.0389 0984        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

22:34:07.0424 0984        flpydisk - ok

22:34:07.0477 0984        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

22:34:07.0494 0984        FltMgr - ok

22:34:07.0524 0984        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

22:34:07.0537 0984        FsDepends - ok

22:34:07.0564 0984        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

22:34:07.0577 0984        Fs_Rec - ok

22:34:07.0642 0984        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

22:34:07.0659 0984        fvevol - ok

22:34:07.0729 0984        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:34:07.0744 0984        gagp30kx - ok

22:34:07.0829 0984        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

22:34:07.0859 0984        hcw85cir - ok

22:34:07.0917 0984        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

22:34:07.0954 0984        HdAudAddService - ok

22:34:08.0009 0984        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

22:34:08.0044 0984        HDAudBus - ok

22:34:08.0082 0984        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

22:34:08.0114 0984        HidBatt - ok

22:34:08.0149 0984        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

22:34:08.0192 0984        HidBth - ok

22:34:08.0232 0984        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

22:34:08.0259 0984        HidIr - ok

22:34:08.0322 0984        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

22:34:08.0359 0984        HidUsb - ok

22:34:08.0447 0984        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

22:34:08.0462 0984        HpSAMD - ok

22:34:08.0539 0984        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

22:34:08.0594 0984        HTTP - ok

22:34:08.0647 0984        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

22:34:08.0659 0984        hwpolicy - ok

22:34:08.0704 0984        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

22:34:08.0747 0984        i8042prt - ok

22:34:08.0809 0984        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

22:34:08.0827 0984        iaStorV - ok

22:34:08.0874 0984        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

22:34:08.0887 0984        iirsp - ok

22:34:08.0917 0984        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

22:34:08.0927 0984        intelide - ok

22:34:08.0969 0984        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

22:34:08.0984 0984        intelppm - ok

22:34:09.0182 0984        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:34:09.0239 0984        IpFilterDriver - ok

22:34:09.0287 0984        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

22:34:09.0302 0984        IPMIDRV - ok

22:34:09.0372 0984        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

22:34:09.0419 0984        IPNAT - ok

22:34:09.0459 0984        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

22:34:09.0499 0984        IRENUM - ok

22:34:09.0539 0984        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

22:34:09.0549 0984        isapnp - ok

22:34:09.0594 0984        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

22:34:09.0609 0984        iScsiPrt - ok

22:34:09.0664 0984        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

22:34:09.0682 0984        kbdclass - ok

22:34:09.0727 0984        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

22:34:09.0742 0984        kbdhid - ok

22:34:09.0797 0984        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

22:34:09.0809 0984        KSecDD - ok

22:34:09.0849 0984        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

22:34:09.0862 0984        KSecPkg - ok

22:34:09.0907 0984        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

22:34:09.0962 0984        lltdio - ok

22:34:10.0017 0984        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:34:10.0029 0984        LSI_FC - ok

22:34:10.0059 0984        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:34:10.0072 0984        LSI_SAS - ok

22:34:10.0099 0984        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:34:10.0109 0984        LSI_SAS2 - ok

22:34:10.0297 0984        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:34:10.0312 0984        LSI_SCSI - ok

22:34:10.0352 0984        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

22:34:10.0397 0984        luafv - ok

22:34:10.0484 0984        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

22:34:10.0497 0984        MBAMProtector - ok

22:34:10.0564 0984        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

22:34:10.0577 0984        megasas - ok

22:34:10.0779 0984        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

22:34:10.0794 0984        MegaSR - ok

22:34:10.0842 0984        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

22:34:10.0907 0984        Modem - ok

22:34:10.0944 0984        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

22:34:10.0977 0984        monitor - ok

22:34:11.0034 0984        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

22:34:11.0049 0984        mouclass - ok

22:34:11.0082 0984        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

22:34:11.0114 0984        mouhid - ok

22:34:11.0167 0984        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

22:34:11.0179 0984        mountmgr - ok

22:34:11.0227 0984        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

22:34:11.0239 0984        mpio - ok

22:34:11.0257 0984        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

22:34:11.0307 0984        mpsdrv - ok

22:34:11.0382 0984        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

22:34:11.0424 0984        MRxDAV - ok

22:34:11.0582 0984        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:34:11.0624 0984        mrxsmb - ok

22:34:11.0667 0984        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:34:11.0682 0984        mrxsmb10 - ok

22:34:11.0724 0984        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:34:11.0739 0984        mrxsmb20 - ok

22:34:11.0784 0984        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

22:34:11.0799 0984        msahci - ok

22:34:11.0842 0984        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

22:34:11.0854 0984        msdsm - ok

22:34:11.0927 0984        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

22:34:11.0982 0984        Msfs - ok

22:34:12.0012 0984        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

22:34:12.0052 0984        mshidkmdf - ok

22:34:12.0099 0984        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

22:34:12.0112 0984        msisadrv - ok

22:34:12.0159 0984        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

22:34:12.0209 0984        MSKSSRV - ok

22:34:12.0239 0984        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

22:34:12.0284 0984        MSPCLOCK - ok

22:34:12.0317 0984        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

22:34:12.0349 0984        MSPQM - ok

22:34:12.0379 0984        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

22:34:12.0392 0984        MsRPC - ok

22:34:12.0419 0984        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

22:34:12.0429 0984        mssmbios - ok

22:34:12.0614 0984        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

22:34:12.0659 0984        MSTEE - ok

22:34:12.0859 0984        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

22:34:12.0902 0984        MTConfig - ok

22:34:12.0924 0984        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

22:34:12.0934 0984        Mup - ok

22:34:12.0984 0984        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

22:34:13.0004 0984        NativeWifiP - ok

22:34:13.0079 0984        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

22:34:13.0102 0984        NDIS - ok

22:34:13.0127 0984        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

22:34:13.0172 0984        NdisCap - ok

22:34:13.0212 0984        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

22:34:13.0262 0984        NdisTapi - ok

22:34:13.0319 0984        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

22:34:13.0367 0984        Ndisuio - ok

22:34:13.0422 0984        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

22:34:13.0472 0984        NdisWan - ok

22:34:13.0519 0984        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

22:34:13.0574 0984        NDProxy - ok

22:34:13.0649 0984        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

22:34:13.0707 0984        NetBIOS - ok

22:34:13.0759 0984        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

22:34:13.0817 0984        NetBT - ok

22:34:13.0902 0984        netr28u         (9067a7689d108c4f15ed2fcf2c572b5c) C:\Windows\system32\DRIVERS\netr28u.sys

22:34:13.0922 0984        netr28u - ok

22:34:13.0982 0984        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

22:34:13.0994 0984        nfrd960 - ok

22:34:14.0029 0984        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

22:34:14.0077 0984        Npfs - ok

22:34:14.0107 0984        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

22:34:14.0159 0984        nsiproxy - ok

22:34:14.0242 0984        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

22:34:14.0274 0984        Ntfs - ok

22:34:14.0292 0984        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

22:34:14.0344 0984        Null - ok

22:34:14.0397 0984        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

22:34:14.0409 0984        nvraid - ok

22:34:14.0444 0984        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

22:34:14.0457 0984        nvstor - ok

22:34:14.0509 0984        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

22:34:14.0524 0984        nv_agp - ok

22:34:14.0737 0984        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

22:34:14.0772 0984        ohci1394 - ok

22:34:14.0832 0984        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

22:34:14.0874 0984        Parport - ok

22:34:14.0927 0984        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

22:34:14.0939 0984        partmgr - ok

22:34:15.0049 0984        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

22:34:15.0084 0984        Parvdm - ok

22:34:15.0137 0984        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

22:34:15.0149 0984        pci - ok

22:34:15.0184 0984        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

22:34:15.0197 0984        pciide - ok

22:34:15.0234 0984        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

22:34:15.0249 0984        pcmcia - ok

22:34:15.0272 0984        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

22:34:15.0284 0984        pcw - ok

22:34:15.0322 0984        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

22:34:15.0384 0984        PEAUTH - ok

22:34:15.0492 0984        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

22:34:15.0632 0984        PptpMiniport - ok

22:34:15.0662 0984        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

22:34:15.0692 0984        Processor - ok

22:34:15.0737 0984        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

22:34:15.0799 0984        Psched - ok

22:34:15.0894 0984        PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys

22:34:15.0907 0984        PSI - ok

22:34:15.0967 0984        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

22:34:15.0999 0984        ql2300 - ok

22:34:16.0032 0984        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

22:34:16.0044 0984        ql40xx - ok

22:34:16.0072 0984        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

22:34:16.0087 0984        QWAVEdrv - ok

22:34:16.0184 0984        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

22:34:16.0234 0984        RasAcd - ok

22:34:16.0297 0984        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:34:16.0334 0984        RasAgileVpn - ok

22:34:16.0359 0984        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:34:16.0387 0984        Rasl2tp - ok

22:34:16.0434 0984        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

22:34:16.0479 0984        RasPppoe - ok

22:34:16.0502 0984        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

22:34:16.0552 0984        RasSstp - ok

22:34:16.0602 0984        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

22:34:16.0669 0984        rdbss - ok

22:34:16.0854 0984        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

22:34:16.0872 0984        rdpbus - ok

22:34:16.0919 0984        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:34:16.0967 0984        RDPCDD - ok

22:34:17.0002 0984        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

22:34:17.0027 0984        RDPENCDD - ok

22:34:17.0052 0984        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

22:34:17.0097 0984        RDPREFMP - ok

22:34:17.0159 0984        RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

22:34:17.0202 0984        RDPWD - ok

22:34:17.0264 0984        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

22:34:17.0279 0984        rdyboost - ok

22:34:17.0329 0984        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

22:34:17.0377 0984        rspndr - ok

22:34:17.0462 0984        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\Windows\system32\Drivers\SABI.sys

22:34:17.0472 0984        SABI - ok

22:34:17.0509 0984        SANDRA - ok

22:34:17.0569 0984        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

22:34:17.0582 0984        sbp2port - ok

22:34:17.0634 0984        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

22:34:17.0674 0984        scfilter - ok

22:34:17.0747 0984        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

22:34:17.0804 0984        secdrv - ok

22:34:17.0879 0984        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

22:34:17.0904 0984        Serenum - ok

22:34:17.0949 0984        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

22:34:17.0964 0984        Serial - ok

22:34:18.0009 0984        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

22:34:18.0042 0984        sermouse - ok

22:34:18.0152 0984        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

22:34:18.0172 0984        sffdisk - ok

22:34:18.0214 0984        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

22:34:18.0239 0984        sffp_mmc - ok

22:34:18.0287 0984        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

22:34:18.0317 0984        sffp_sd - ok

22:34:18.0352 0984        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

22:34:18.0379 0984        sfloppy - ok

22:34:18.0422 0984        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

22:34:18.0434 0984        sisagp - ok

22:34:18.0502 0984        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:34:18.0517 0984        SiSRaid2 - ok

22:34:18.0549 0984        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

22:34:18.0562 0984        SiSRaid4 - ok

22:34:18.0612 0984        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

22:34:18.0654 0984        Smb - ok

22:34:18.0702 0984        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

22:34:18.0712 0984        spldr - ok

22:34:18.0777 0984        sptd - ok

22:34:18.0824 0984        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

22:34:18.0862 0984        srv - ok

22:34:18.0917 0984        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

22:34:18.0949 0984        srv2 - ok

22:34:18.0972 0984        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

22:34:19.0004 0984        srvnet - ok

22:34:19.0062 0984        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys

22:34:19.0074 0984        ssmdrv - ok

22:34:19.0107 0984        StarOpen - ok

22:34:19.0174 0984        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

22:34:19.0184 0984        stexstor - ok

22:34:19.0227 0984        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

22:34:19.0239 0984        swenum - ok

22:34:19.0319 0984        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

22:34:19.0352 0984        Tcpip - ok

22:34:19.0394 0984        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

22:34:19.0424 0984        TCPIP6 - ok

22:34:19.0482 0984        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

22:34:19.0542 0984        tcpipreg - ok

22:34:19.0597 0984        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

22:34:19.0637 0984        TDPIPE - ok

22:34:19.0677 0984        TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

22:34:19.0722 0984        TDTCP - ok

22:34:19.0767 0984        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

22:34:19.0797 0984        tdx - ok

22:34:19.0837 0984        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

22:34:19.0852 0984        TermDD - ok

22:34:19.0892 0984        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:34:19.0934 0984        tssecsrv - ok

22:34:20.0009 0984        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

22:34:20.0037 0984        TsUsbFlt - ok

22:34:20.0109 0984        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

22:34:20.0137 0984        tunnel - ok

22:34:20.0189 0984        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

22:34:20.0202 0984        uagp35 - ok

22:34:20.0249 0984        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

22:34:20.0294 0984        udfs - ok

22:34:20.0362 0984        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

22:34:20.0374 0984        uliagpkx - ok

22:34:20.0437 0984        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

22:34:20.0474 0984        umbus - ok

22:34:20.0519 0984        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

22:34:20.0554 0984        UmPass - ok

22:34:20.0774 0984        USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

22:34:20.0782 0984        USBAAPL ( UnsignedFile.Multi.Generic ) - warning

22:34:20.0782 0984        USBAAPL - detected UnsignedFile.Multi.Generic (1)

22:34:20.0837 0984        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

22:34:21.0037 0984        usbccgp - ok

22:34:21.0249 0984        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

22:34:21.0292 0984        usbcir - ok

22:34:21.0322 0984        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

22:34:21.0354 0984        usbehci - ok

22:34:21.0397 0984        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

22:34:21.0412 0984        usbhub - ok

22:34:21.0439 0984        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

22:34:21.0462 0984        usbohci - ok

22:34:21.0522 0984        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

22:34:21.0562 0984        usbprint - ok

22:34:21.0634 0984        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

22:34:21.0694 0984        usbscan - ok

22:34:21.0744 0984        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:34:21.0779 0984        USBSTOR - ok

22:34:21.0809 0984        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

22:34:21.0822 0984        usbuhci - ok

22:34:21.0887 0984        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

22:34:21.0909 0984        usbvideo - ok

22:34:21.0969 0984        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

22:34:21.0979 0984        vdrvroot - ok

22:34:22.0039 0984        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

22:34:22.0089 0984        vga - ok

22:34:22.0114 0984        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

22:34:22.0144 0984        VgaSave - ok

22:34:22.0352 0984        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

22:34:22.0364 0984        vhdmp - ok

22:34:22.0412 0984        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

22:34:22.0422 0984        viaagp - ok

22:34:22.0447 0984        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

22:34:22.0484 0984        ViaC7 - ok

22:34:22.0534 0984        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

22:34:22.0547 0984        viaide - ok

22:34:22.0589 0984        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

22:34:22.0602 0984        volmgr - ok

22:34:22.0634 0984        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

22:34:22.0649 0984        volmgrx - ok

22:34:22.0699 0984        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

22:34:22.0714 0984        volsnap - ok

22:34:22.0762 0984        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

22:34:22.0774 0984        vsmraid - ok

22:34:22.0804 0984        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

22:34:22.0837 0984        vwifibus - ok

22:34:22.0872 0984        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

22:34:22.0912 0984        vwififlt - ok

22:34:22.0952 0984        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

22:34:22.0984 0984        vwifimp - ok

22:34:23.0017 0984        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

22:34:23.0044 0984        WacomPen - ok

22:34:23.0107 0984        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:34:23.0149 0984        WANARP - ok

22:34:23.0154 0984        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

22:34:23.0182 0984        Wanarpv6 - ok

22:34:23.0224 0984        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

22:34:23.0237 0984        Wd - ok

22:34:23.0262 0984        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

22:34:23.0282 0984        Wdf01000 - ok

22:34:23.0334 0984        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

22:34:23.0362 0984        WfpLwf - ok

22:34:23.0387 0984        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

22:34:23.0399 0984        WIMMount - ok

22:34:23.0467 0984        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

22:34:23.0482 0984        WinUsb - ok

22:34:23.0517 0984        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

22:34:23.0554 0984        WmiAcpi - ok

22:34:23.0599 0984        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

22:34:23.0639 0984        ws2ifsl - ok

22:34:23.0704 0984        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

22:34:23.0747 0984        WudfPf - ok

22:34:23.0797 0984        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:34:23.0839 0984        WUDFRd - ok

22:34:23.0919 0984        yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

22:34:23.0937 0984        yukonw7 - ok

22:34:23.0992 0984        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:34:24.0217 0984        \Device\Harddisk0\DR0 - ok

22:34:24.0222 0984        Boot (0x1200)   (ca262f3f563ef38db9441f143d556f6e) \Device\Harddisk0\DR0\Partition0

22:34:24.0224 0984        \Device\Harddisk0\DR0\Partition0 - ok

22:34:24.0274 0984        Boot (0x1200)   (10108195033f5902dacd078f9f60e81e) \Device\Harddisk0\DR0\Partition1

22:34:24.0274 0984        \Device\Harddisk0\DR0\Partition1 - ok

22:34:24.0277 0984        ============================================================

22:34:24.0277 0984        Scan finished

22:34:24.0277 0984        ============================================================

22:34:24.0289 3720        Detected object count: 1

22:34:24.0289 3720        Actual detected object count: 1

22:36:13.0693 3720        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

22:36:13.0693 3720        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip