
Pests of all kinds and how to fight them: BKA Trojan

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

04.08.2011, 01:31   #1
PamBam

BKA Trojan

Hi,

the BKA trojan hit my machine yesterday around noon; thanks to the Kaspersky Rescue CD I have access to the computer again.

I now want to make sure that all remnants have been removed as well.

I'm currently running a full scan with Malwarebytes.
(Bitdefender is running in the background and has already reported something in connection with Malwarebytes in the meantime; is that a problem?)

As soon as the scan is finished I'll post the log; after that I wanted to run a scan with OTL and will post that log as well.

Do you need anything else for now apart from the two logs?

Looking forward to competent help

Regards
PamBam

04.08.2011, 10:53   #2
PamBam

I let Malwarebytes run all night; it ran through to the end, but somehow the log didn't work out.

Should I just do a full scan with OTL now?


04.08.2011, 11:53   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Just look in the "Logdateien" (log files) tab of Malwarebytes and post all the logs visible there.

04.08.2011, 12:04   #4
PamBam

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7367

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

04.08.2011 01:55:06
mbam-log-2011-08-04 (01-55-06).txt

Art des Suchlaufs: Flash-Scan
Durchsuchte Objekte: 134414
Laufzeit: 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7367

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

04.08.2011 01:58:58
mbam-log-2011-08-04 (01-58-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172907
Laufzeit: 3 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7367

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

04.08.2011 11:24:39
mbam-log-2011-08-04 (11-24-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 482070
Laufzeit: 1 Stunde(n), 31 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Computer\Desktop\reconnect\bat\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.

04.08.2011, 12:59   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread


04.08.2011, 14:30   #6
PamBam

Something is still missing; I'll upload it as a text file.

edit:

That doesn't work either because it's too big; I'll try it again this way.

04.08.2011, 14:36   #7
PamBam

OTL logfile created on: 04.08.2011 14:57:52 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Computer\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,55% Memory free
8,21 Gb Paging File | 6,34 Gb Available in Paging File | 77,16% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,72 Gb Total Space | 1,24 Gb Free Space | 0,91% Space Free | Partition Type: NTFS
Drive D: | 253,91 Gb Total Space | 6,93 Gb Free Space | 2,73% Space Free | Partition Type: NTFS
Drive E: | 205,54 Gb Total Space | 7,13 Gb Free Space | 3,47% Space Free | Partition Type: NTFS
Drive H: | 909,90 Mb Total Space | 751,26 Mb Free Space | 82,57% Space Free | Partition Type: NTFS
Drive I: | 148,16 Gb Total Space | 136,49 Gb Free Space | 92,12% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.04 02:09:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.22 20:41:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2008.06.03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Programme\ASUS\Six Engine\SixEngine.exe


========== Modules (SafeList) ==========

MOD - [2011.08.04 02:09:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
MOD - [2011.04.07 16:57:57 | 000,276,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_nt.m32
MOD - [2011.04.01 15:29:31 | 000,166,912 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_extra.m32
MOD - [2011.04.01 15:29:31 | 000,089,600 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_net.m32
MOD - [2011.04.01 15:29:29 | 000,657,408 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_fragments.m32
MOD - [2011.04.01 15:29:29 | 000,136,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_base.m32
MOD - [2011.04.01 15:29:28 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\midas32.dll
MOD - [2011.04.01 15:29:28 | 000,120,832 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_registry.m32
MOD - [2009.12.08 21:03:42 | 000,116,224 | ---- | M] (BitDefender SRL) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\leaktests.m32
MOD - [2008.01.19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.07.22 16:48:25 | 002,660,624 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011.06.03 12:37:11 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.09.03 17:40:41 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008.01.19 01:00:54 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.22 20:41:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.02.23 18:07:32 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.06.30 17:28:46 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.09.03 17:41:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.02 09:24:56 | 000,431,176 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.28 10:52:52 | 000,053,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.03.28 10:52:50 | 000,528,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.03.28 10:52:48 | 000,037,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.10 08:46:40 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.28 13:55:44 | 001,040,976 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avckf.sys -- (avckf)
DRV:64bit: - [2010.06.28 13:55:38 | 000,692,816 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avc3.sys -- (avc3)
DRV:64bit: - [2010.05.13 17:52:08 | 000,162,896 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bdfm.sys -- (BDFM)
DRV:64bit: - [2010.05.06 11:21:40 | 000,122,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009.07.22 10:11:20 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.01.23 10:49:08 | 000,046,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2008.06.30 19:28:00 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.06.24 00:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008.01.18 23:47:14 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.15 10:42:24 | 000,120,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrsce.sys -- (zebrsce)
DRV:64bit: - [2008.01.15 10:42:22 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV:64bit: - [2008.01.15 10:42:22 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV:64bit: - [2008.01.15 10:42:22 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdfl.sys -- (zebrmdfl)
DRV:64bit: - [2008.01.15 10:42:20 | 000,108,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrbus.sys -- (zebrbus)
DRV:64bit: - [2008.01.15 10:42:20 | 000,081,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV:64bit: - [2007.03.20 11:33:28 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\libusb0.sys -- (libusb0)
DRV:64bit: - [2007.01.04 08:09:50 | 000,011,576 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.01.04 08:09:48 | 000,054,072 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp)
DRV:64bit: - [2006.11.01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010.11.16 17:54:13 | 000,115,280 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.05.24 00:14:23 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009.05.08 16:54:44 | 000,007,168 | ---- | M] (MPlayer <hxxp://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2004.05.17 23:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: tabflick@xuldev.org:0.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2011.06.30 15:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011.06.30 15:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.30 15:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 15:23:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.28 11:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.29 19:53:35 | 000,000,000 | ---D | M]

[2010.09.08 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2010.09.08 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.04 11:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions
[2011.07.01 18:09:58 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2009.04.05 10:07:12 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.03.16 11:48:38 | 000,000,000 | ---D | M] (Comfortbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\comfort@bar
[2011.02.16 18:31:10 | 000,009,837 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\searchplugins\ddl-search-v2.xml
[2010.06.30 17:28:52 | 000,001,834 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\searchplugins\{AE533855-2E54-40CA-AD4D-8742D6F5ADCA}.xml
[2010.06.30 17:28:52 | 000,002,152 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\searchplugins\{CDE2FABF-4F9D-458E-9ECB-AA394A73A992}.xml
[2011.06.30 15:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.03.22 23:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.11 00:49:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011.06.30 15:40:43 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
() (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EP4T8TLO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EP4T8TLO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EP4T8TLO.DEFAULT\EXTENSIONS\TABFLICK@XULDEV.ORG.XPI
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.07.03 17:59:50 | 000,403,959 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 Free Spyware | Avast | Unzip Zip Files | Script Editor | Vim Scouring Powder at 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 13975 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3:64bit: - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg
O24 - Desktop BackupWallPaper: C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3a88f456-7640-11e0-89a2-001f3f03a36a}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe
O33 - MountPoints2\{93ca2895-ec96-11df-87ab-001f3f03a36a}\Shell - "" = AutoRun
O33 - MountPoints2\{93ca2895-ec96-11df-87ab-001f3f03a36a}\Shell\AutoRun\command - "" = G:\start.exe
O33 - MountPoints2\{e6f52c89-5cf5-11e0-b968-001f3f03a36a}\Shell - "" = AutoRun
O33 - MountPoints2\{e6f52c89-5cf5-11e0-b968-001f3f03a36a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e776e7e1-5055-11de-ab8d-002215950fa6}\Shell - "" = AutoRun
O33 - MountPoints2\{e776e7e1-5055-11de-ab8d-002215950fa6}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BitDefender Antiphishing Helper - hkey= - key= - C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
MsConfig:64bit - StartUpReg: ccleaner - hkey= - key= - C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig:64bit - StartUpReg: mRouterConfig - hkey= - key= - C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.)
MsConfig:64bit - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig:64bit - StartUpReg: PC Suite for Smartphones - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Samsung Common SM - hkey= - key= - C:\Windows\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TBPanel - hkey= - key= - C:\Program Files (x86)\Vtune ATI\TBPanel.exe ()
MsConfig:64bit - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {25A0F77B-B2D8-9545-C1DE-A8970BB56833} - Microsoft Windows Media Player
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {9869180F-5826-D05A-1388-AD250B96B0C7} - Themes Setup
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

Old 04.08.2011, 14:39   #8
PamBam

BKA Trojaner

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.08.04 02:09:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
[2011.08.04 01:52:31 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2011.08.04 01:52:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.04 01:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.04 01:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.04 01:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.04 01:51:33 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Computer\Desktop\mbam-setup-1.51.1.1800.exe
[2011.07.29 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Ruths Geburtstagsfeier 2011-07-24
[2011.07.29 00:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2011.07.29 00:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2011.07.29 00:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2011.07.29 00:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2011 Free
[2011.07.29 00:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2011.07.28 11:47:51 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Games
[2011.07.27 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Lightroom_Export
[2011.07.26 11:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediachance
[2011.07.26 11:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HotPixels
[2011.07.25 15:37:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E0AA18F2-09D6-4397-AE90-02E435694681}
[2011.07.25 15:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2011.07.25 15:37:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7313A1C0-A06F-4C38-B9ED-E538350C744F}
[2011.07.25 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
[2011.07.25 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs
[2011.07.25 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs
[2011.07.25 15:37:03 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\PackageAware
[2011.07.22 19:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2011.07.22 19:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Formatter
[2011.07.22 18:35:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Fotos Sicherung 22.07.11
[2011.07.22 18:33:28 | 000,418,816 | ---- | C] (c't Magazin für Computertechnik) -- C:\Users\Computer\Desktop\h2testw.exe
[2011.07.14 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\DSLR 14-07-2011
[2011.07.10 19:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Computer\wc
[2011.07.10 19:51:38 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\10.07.11
[2011.07.09 22:56:03 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\HD Tune Pro
[2011.07.09 22:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
[2011.07.09 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro
[2011.07.09 22:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2011.07.09 22:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2011.07.07 18:55:01 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Ü-Band - Wieder mal Sommer Teil 1
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.04 14:56:20 | 001,482,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.04 14:56:20 | 000,642,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.04 14:56:20 | 000,607,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.04 14:56:20 | 000,131,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.04 14:56:20 | 000,108,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.04 14:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.04 13:27:34 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 13:27:34 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 11:27:30 | 4293,967,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.04 02:09:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe
[2011.08.04 01:59:09 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.08.04 01:52:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.04 01:51:43 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Computer\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.04 01:30:26 | 003,108,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.03 14:12:34 | 000,000,680 | ---- | M] () -- C:\Users\Computer\AppData\Local\d3d9caps.dat
[2011.08.02 12:46:47 | 006,458,990 | ---- | M] () -- C:\Users\Computer\Desktop\xg-m.pdf
[2011.08.02 12:39:48 | 000,019,011 | ---- | M] () -- C:\Users\Computer\lightroom kifghtscribe.lsl
[2011.08.02 11:32:56 | 000,014,766 | ---- | M] () -- C:\Users\Computer\Desktop\lightroom.jpg
[2011.08.01 12:12:49 | 000,312,719 | ---- | M] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1957_20110731.jpg
[2011.08.01 11:21:33 | 000,408,759 | ---- | M] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1972_20110731.jpg
[2011.08.01 10:50:29 | 000,426,578 | ---- | M] () -- C:\Users\Computer\Desktop\20110731-IMGP1947-2.jpg
[2011.08.01 01:35:31 | 000,478,844 | ---- | M] () -- C:\Users\Computer\Desktop\20110731-IMGP1947.jpg
[2011.07.31 00:39:06 | 000,007,035 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0626.xmp
[2011.07.30 11:28:36 | 000,405,650 | ---- | M] () -- C:\Users\Computer\Desktop\20110730-IMGP1519.jpg
[2011.07.30 11:10:16 | 000,319,659 | ---- | M] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730 (2).jpg
[2011.07.30 01:53:30 | 000,213,083 | ---- | M] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730.jpg
[2011.07.30 01:39:25 | 006,649,303 | ---- | M] () -- C:\Users\Computer\Desktop\Export_002_IMGP1504_20110729-2.jpg
[2011.07.29 14:18:32 | 000,044,032 | ---- | M] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.29 00:05:04 | 000,002,276 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2011 Free.lnk
[2011.07.26 11:30:28 | 004,716,232 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1221-2.JPG
[2011.07.26 11:29:03 | 000,090,509 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1188-2.JPG
[2011.07.26 11:28:02 | 000,001,724 | ---- | M] () -- C:\Users\Computer\Desktop\HotPixels.lnk
[2011.07.24 14:01:32 | 002,561,558 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1221.JPG
[2011.07.23 22:50:53 | 000,113,775 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1188.jpg
[2011.07.23 14:16:57 | 003,678,678 | ---- | M] () -- C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg
[2011.07.22 19:14:04 | 000,002,447 | ---- | M] () -- C:\Users\Computer\Desktop\SD Formatter.lnk
[2011.07.21 11:24:03 | 002,304,627 | ---- | M] () -- C:\Users\Computer\Desktop\Safaga 2011-06-011.jpg
[2011.07.20 16:05:02 | 010,259,169 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0626.PEF
[2011.07.20 16:04:55 | 010,366,862 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0774.PEF
[2011.07.20 16:04:45 | 010,218,958 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0849.PEF
[2011.07.20 16:04:26 | 010,519,950 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0941.PEF
[2011.07.20 16:04:22 | 010,386,743 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0967.PEF
[2011.07.11 15:52:57 | 000,001,757 | ---- | M] () -- C:\Users\Computer\Desktop\Photomatix Pro 4.0.2 (64-bit).lnk
[2011.07.11 11:58:34 | 000,648,329 | ---- | M] () -- C:\Users\Computer\Desktop\leva_final.jpg
[2011.07.11 11:57:11 | 000,551,727 | ---- | M] () -- C:\Users\Computer\Desktop\leva_00-2.jpg
[2011.07.11 11:52:10 | 000,602,137 | ---- | M] () -- C:\Users\Computer\Desktop\leva_00.jpg
[2011.07.07 18:33:54 | 445,798,119 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.04 01:59:09 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.04 01:52:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.04 01:52:07 | 000,025,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.04 01:29:21 | 4293,967,872 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.03 14:12:34 | 000,000,680 | ---- | C] () -- C:\Users\Computer\AppData\Local\d3d9caps.dat
[2011.08.02 12:46:47 | 006,458,990 | ---- | C] () -- C:\Users\Computer\Desktop\xg-m.pdf
[2011.08.02 12:39:48 | 000,019,011 | ---- | C] () -- C:\Users\Computer\lightroom kifghtscribe.lsl
[2011.08.02 11:32:54 | 000,014,766 | ---- | C] () -- C:\Users\Computer\Desktop\lightroom.jpg
[2011.08.01 12:12:49 | 000,312,719 | ---- | C] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1957_20110731.jpg
[2011.08.01 11:21:33 | 000,408,759 | ---- | C] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1972_20110731.jpg
[2011.08.01 10:50:29 | 000,426,578 | ---- | C] () -- C:\Users\Computer\Desktop\20110731-IMGP1947-2.jpg
[2011.08.01 01:18:04 | 000,478,844 | ---- | C] () -- C:\Users\Computer\Desktop\20110731-IMGP1947.jpg
[2011.07.31 00:39:06 | 000,007,035 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0626.xmp
[2011.07.30 11:28:36 | 000,405,650 | ---- | C] () -- C:\Users\Computer\Desktop\20110730-IMGP1519.jpg
[2011.07.30 11:07:15 | 000,213,083 | ---- | C] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730.jpg
[2011.07.30 01:39:34 | 000,319,659 | ---- | C] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730 (2).jpg
[2011.07.30 01:39:21 | 006,649,303 | ---- | C] () -- C:\Users\Computer\Desktop\Export_002_IMGP1504_20110729-2.jpg
[2011.07.29 00:05:05 | 000,037,456 | ---- | C] () -- C:\Windows\SysNative\drivers\hotcore3.sys
[2011.07.29 00:05:04 | 000,002,276 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2011 Free.lnk
[2011.07.28 11:38:25 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.26 11:30:26 | 004,716,232 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1221-2.JPG
[2011.07.26 11:29:00 | 000,090,509 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1188-2.JPG
[2011.07.26 11:28:02 | 000,001,724 | ---- | C] () -- C:\Users\Computer\Desktop\HotPixels.lnk
[2011.07.25 15:38:18 | 002,561,558 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1221.JPG
[2011.07.23 22:50:51 | 000,113,775 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1188.jpg
[2011.07.23 14:16:56 | 003,678,678 | ---- | C] () -- C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg
[2011.07.22 19:10:21 | 000,002,447 | ---- | C] () -- C:\Users\Computer\Desktop\SD Formatter.lnk
[2011.07.21 11:23:58 | 002,304,627 | ---- | C] () -- C:\Users\Computer\Desktop\Safaga 2011-06-011.jpg
[2011.07.20 16:05:02 | 010,259,169 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0626.PEF
[2011.07.20 16:04:55 | 010,366,862 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0774.PEF
[2011.07.20 16:04:44 | 010,218,958 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0849.PEF
[2011.07.20 16:04:25 | 010,519,950 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0941.PEF
[2011.07.20 16:04:13 | 010,386,743 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0967.PEF
[2011.07.11 15:52:57 | 000,001,757 | ---- | C] () -- C:\Users\Computer\Desktop\Photomatix Pro 4.0.2 (64-bit).lnk
[2011.07.11 11:58:34 | 000,648,329 | ---- | C] () -- C:\Users\Computer\Desktop\leva_final.jpg
[2011.07.11 11:57:11 | 000,551,727 | ---- | C] () -- C:\Users\Computer\Desktop\leva_00-2.jpg
[2011.07.11 11:52:09 | 000,602,137 | ---- | C] () -- C:\Users\Computer\Desktop\leva_00.jpg
[2011.07.11 08:53:25 | 125,760,040 | ---- | C] () -- C:\Users\Computer\Desktop\133945.flv
[2011.07.04 16:05:40 | 000,000,550 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.07 15:51:52 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.26 22:57:32 | 000,000,927 | ---- | C] () -- C:\Windows\posteriza.INI
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.22 20:41:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.22 20:41:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.05 19:47:40 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.02 20:26:52 | 000,000,415 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2010.11.16 16:51:08 | 000,156,679 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.07.08 11:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.12.26 11:11:14 | 000,002,045 | -H-- | C] () -- C:\Windows\SysWow64\whla32dd.dll
[2009.09.07 17:03:55 | 000,000,096 | ---- | C] () -- C:\Users\Computer\AppData\Local\fusioncache.dat
[2009.09.07 16:59:17 | 001,483,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.06 15:06:59 | 000,191,664 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009.04.28 16:59:18 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.04.28 16:59:18 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.03.31 18:42:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.03.31 18:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.21 12:55:36 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.03.16 11:43:03 | 000,044,032 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.16 11:27:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.16 11:08:48 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.03.16 10:59:34 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.03.16 10:59:34 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.03.16 10:59:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.03.16 10:59:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.03.16 10:42:19 | 000,033,780 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.03.16 10:41:59 | 000,033,390 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.03.16 10:02:47 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.16 10:02:20 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.03.16 09:54:43 | 000,000,732 | ---- | C] () -- C:\Users\Computer\AppData\Local\d3d9caps64.dat
[2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2000.01.01 02:00:00 | 000,000,023 | RHS- | C] () -- C:\Windows\mtlid64s2.dat

========== LOP Check ==========

[2010.05.25 10:37:23 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\avidemux
[2010.11.16 17:22:19 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\BitDefender
[2010.05.25 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Boilsoft
[2011.04.16 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Cyberduck
[2009.03.17 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools
[2010.11.10 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Lite
[2009.03.17 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Pro
[2010.06.02 22:05:24 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\GrabIt
[2009.11.29 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\gtk-2.0
[2011.07.09 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HD Tune Pro
[2011.01.16 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HDRsoft
[2011.08.04 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ICQ
[2009.10.02 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Inkscape
[2010.07.01 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kikin
[2009.10.24 22:59:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\MP3toiPodAudioBookConverter
[2011.04.23 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\NCH Swift Sound
[2010.06.30 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OCS
[2010.10.04 21:10:28 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org
[2010.06.30 17:28:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Opera
[2011.05.22 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\PunkBuster
[2009.04.08 11:58:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QIP
[2010.11.16 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QuickScan
[2009.03.31 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Red Kawa
[2009.06.18 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Teleca
[2010.09.08 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird
[2010.07.15 17:23:17 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ubisoft
[2011.04.16 00:44:06 | 000,000,000 | -HSD | M] -- C:\Users\Computer\AppData\Roaming\wyUpdate AU
[2011.08.04 11:26:01 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.07.03 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Adobe
[2009.03.17 17:53:23 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ahead
[2009.11.13 13:29:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Apple Computer
[2009.03.16 11:28:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ATI
[2010.05.25 10:37:23 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\avidemux
[2010.11.16 17:22:19 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\BitDefender
[2010.05.25 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Boilsoft
[2011.04.16 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Cyberduck
[2009.03.17 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools
[2010.11.10 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Lite
[2009.03.17 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Pro
[2009.09.03 17:30:08 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Download Manager
[2011.07.05 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\dvdcss
[2010.11.11 20:07:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\FastStone
[2010.06.02 22:05:24 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\GrabIt
[2009.11.29 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\gtk-2.0
[2011.07.09 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HD Tune Pro
[2011.01.16 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HDRsoft
[2011.08.04 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ICQ
[2009.03.16 09:54:48 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Identities
[2009.10.02 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Inkscape
[2010.07.01 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kikin
[2009.03.16 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Macromedia
[2011.08.04 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Media Center Programs
[2011.05.03 20:32:38 | 000,000,000 | --SD | M] -- C:\Users\Computer\AppData\Roaming\Microsoft
[2009.03.16 11:48:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Mozilla
[2009.10.24 22:59:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\MP3toiPodAudioBookConverter
[2011.04.23 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\NCH Swift Sound
[2010.06.30 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OCS
[2010.10.04 21:10:28 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org
[2010.06.30 17:28:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Opera
[2011.05.22 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\PunkBuster
[2009.04.08 11:58:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QIP
[2010.11.16 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QuickScan
[2009.03.31 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Red Kawa
[2010.02.02 16:27:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Roxio
[2009.12.25 10:16:29 | 000,000,000 | RH-D | M] -- C:\Users\Computer\AppData\Roaming\SecuROM
[2011.05.08 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Sony Corporation
[2009.06.18 08:13:47 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Sony Ericsson
[2009.03.20 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Talkback
[2009.06.18 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Teleca
[2010.09.08 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird
[2010.07.15 17:23:17 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ubisoft
[2011.05.22 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\vlc
[2009.03.16 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinRAR
[2011.04.16 00:44:06 | 000,000,000 | -HSD | M] -- C:\Users\Computer\AppData\Roaming\wyUpdate AU

< %APPDATA%\*.exe /s >
[2011.04.04 22:06:12 | 000,010,134 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.04.04 22:06:12 | 000,000,766 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2010.11.24 17:50:11 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
[2010.06.07 20:36:10 | 000,119,808 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2009.03.16 11:09:15 | 000,009,158 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe
[2011.06.23 12:06:34 | 000,168,816 | ---- | M] (kikin) -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components\KikinCrashReporter.exe
[2011.06.23 12:06:28 | 000,576,880 | ---- | M] (kikin) -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components\KikinHelper.exe
[2010.06.30 17:28:46 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.06.30 17:28:46 | 000,040,960 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.02.24 17:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe

< %SYSTEMDRIVE%\*.exe >
[2007.03.12 19:59:00 | 000,299,008 | ---- | M] () -- C:\navigram_register.exe


< MD5 for: AGP440.SYS >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008.01.09 03:52:57 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=3927EB6EBFC77BA93481F440221D5252 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_371e04d9dcfdf69e\atapi.sys
[2008.01.09 03:52:56 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=48021EB810BF8FB6EBFA4569B95AAD5F -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_380123c8f5d8000c\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2011.02.23 18:07:38 | 000,007,840 | ---- | M] () MD5=701074DC5B0399CCE49A8E1A4D4EF88C -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll

< MD5 for: NVGTS.SYS >
[2009.07.22 19:13:14 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=34EDF99EE707D9C6EA64761555811B5C -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetXP\IDE\WinXP\sata_ide\nvgts.sys
[2009.07.22 19:13:14 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=DA4C9704B1007B4376F6C25056E7AE59 -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetXP\IDE\WinXP\sataraid\nvgts.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2009.07.22 19:13:08 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=1199B2052F7861C1D39C2318E70904C9 -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetVista32\IDE\WinVista\sata_ide\nvstor32.sys
[2009.07.22 19:13:08 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetVista32\IDE\WinVista\sataraid\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll

< MD5 for: USER32.DLL >
[2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll
[2007.07.14 02:23:35 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2007.07.14 02:23:36 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll
[2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll
[2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< >

< End of report >
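A small checker for the `< MD5 for: ... >` blocks of the OTL log above, added here as an example and not part of the thread or of OTL itself: it splits each block into live copies under C:\Windows and WinSxS component-store copies and reports live files whose hash matches no store copy or could not be read. The sample input is copied from the log above; treating WinSxS as the reference and C:\Windows as the live location is this example's assumption, and a mismatch only marks a file for a closer look (RTM-versus-SP1 version skew produces the same picture).

```python
"""Added example: parse the '< MD5 for: FILE >' blocks of an OTL log and flag
live Windows files whose MD5 has no matching copy in the WinSxS store."""
import re
from collections import defaultdict

# One OTL entry: [date time | size | attrs | M] (Company) MD5=HASH -- PATH
# or, for a locked file: [...] () Unable to obtain MD5 -- PATH
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?P<path>.+)$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")


def classify(path):
    """'store' = WinSxS component-store copy, 'live' = file under C:\\Windows
    that the system actually loads, 'other' = anything else (driver packs on
    the Desktop, third-party program folders), which is not compared.
    These location rules are an assumption of this example."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if p.startswith("c:\\windows\\"):
        return "live"
    return "other"


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]} for every 'MD5 for:' block in the log."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if not line or current is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:          # any other line ends the current block
            current = None
            continue
        blocks[current].append({
            "path": m.group("path").strip(),
            "md5": m.group("md5").upper() if m.group("md5") else None,
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),
            "kind": classify(m.group("path")),
        })
    return dict(blocks)


def check_blocks(blocks):
    """Compare each live copy against the store copies of the same file.
    Returns [(FILENAME, path, reason), ...]; an empty list means every live
    copy has a hash-identical WinSxS twin."""
    findings = []
    for name, entries in blocks.items():
        store_hashes = {e["md5"] for e in entries if e["kind"] == "store" and e["md5"]}
        for e in entries:
            if e["kind"] != "live":
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "hash not readable (file locked); verify by other means"))
            elif not store_hashes:
                findings.append((name, e["path"], "no WinSxS copy listed to compare against"))
            elif e["md5"] not in store_hashes:
                findings.append((name, e["path"], "live hash matches no WinSxS copy"))
    return findings


# Sample input: lines copied from the OTL log above (AGP440, USERINIT, USER32).
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: USERINIT.EXE >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: USER32.DLL >
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
"""

if __name__ == "__main__":
    for name, path, reason in check_blocks(parse_md5_blocks(SAMPLE_LOG)):
        print(f"{name}: {path}: {reason}")
```

On the sample above it reports the SysNative AGP440.sys (its hash matches no listed store copy) and the SysNative user32.dll (hash unreadable), while both userinit.exe copies pass.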

Old 04.08.2011, 14:40   #9
PamBam

Now it ended up in there twice

Old 04.08.2011, 15:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Relatively unremarkable. Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the image below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the Desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your Desktop.
Start the tool, and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

Old 04.08.2011, 16:08   #11
PamBam

My documents and shortcuts seem to be fine.

2011/08/04 17:05:39.0287 3004 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/04 17:05:39.0435 3004 ================================================================================
2011/08/04 17:05:39.0435 3004 SystemInfo:
2011/08/04 17:05:39.0435 3004
2011/08/04 17:05:39.0436 3004 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/04 17:05:39.0436 3004 Product type: Workstation
2011/08/04 17:05:39.0436 3004 ComputerName: COMPUTER
2011/08/04 17:05:39.0436 3004 UserName: Computer
2011/08/04 17:05:39.0436 3004 Windows directory: C:\Windows
2011/08/04 17:05:39.0436 3004 System windows directory: C:\Windows
2011/08/04 17:05:39.0436 3004 Running under WOW64
2011/08/04 17:05:39.0436 3004 Processor architecture: Intel x64
2011/08/04 17:05:39.0436 3004 Number of processors: 2
2011/08/04 17:05:39.0436 3004 Page size: 0x1000
2011/08/04 17:05:39.0436 3004 Boot type: Normal boot
2011/08/04 17:05:39.0436 3004 ================================================================================
2011/08/04 17:05:41.0508 3004 Initialize success
2011/08/04 17:05:44.0169 4712 ================================================================================
2011/08/04 17:05:44.0169 4712 Scan started
2011/08/04 17:05:44.0169 4712 Mode: Manual;
2011/08/04 17:05:44.0169 4712 ================================================================================
2011/08/04 17:05:45.0479 4712 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
2011/08/04 17:05:45.0544 4712 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/08/04 17:05:45.0606 4712 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
2011/08/04 17:05:45.0634 4712 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
2011/08/04 17:05:45.0659 4712 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
2011/08/04 17:05:45.0680 4712 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
2011/08/04 17:05:53.0453 4712 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/08/04 17:05:53.0458 4712 sptd - detected LockedFile.Multi.Generic (1)
2011/08/04 17:05:56.0074 4712 ================================================================================
2011/08/04 17:05:56.0074 4712 Scan finished
2011/08/04 17:05:56.0074 4712 ================================================================================
2011/08/04 17:05:56.0082 5092 Detected object count: 1
2011/08/04 17:05:56.0082 5092 Actual detected object count: 1
2011/08/04 17:06:11.0101 5092 LockedFile.Multi.Generic(sptd) - User select action: Skip
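As an added example, not part of this thread and not TDSSKiller's own code: a small Python parser for log lines in the layout TDSSKiller produced above. It pairs each "detected" line with its driver entry and the preceding "Suspicious file" line, reads the closing counts, and lists which detections the user left unresolved (here sptd, which was skipped). The sample lines are constructed from that log's layout.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line layouts follow the TDSSKiller log posted in this thread.
_TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "
ENTRY_RE = re.compile(
    _TS + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    _TS + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(_TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
COUNT_RE = re.compile(_TS + r"(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")
ACTION_RE = re.compile(
    _TS + r"(?P<verdict>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\S+)$")
PATTERNS = [("suspicious", SUSPICIOUS_RE), ("detected", DETECTED_RE),
            ("count", COUNT_RE), ("action", ACTION_RE), ("entry", ENTRY_RE)]

# Constructed sample in the layout of the log above (values copied from that log).
SAMPLE_LOG = "\n".join([
    r"2011/08/04 17:05:45.0735 4712 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys",
    r"2011/08/04 17:05:53.0453 4712 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys",
    r"2011/08/04 17:05:53.0453 4712 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb",
    r"2011/08/04 17:05:53.0458 4712 sptd - detected LockedFile.Multi.Generic (1)",
    r"2011/08/04 17:05:53.0861 4712 Tcpip (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\drivers\tcpip.sys",
    r"2011/08/04 17:05:55.0987 4712 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0",
    "2011/08/04 17:05:56.0074 4712 Scan finished",
    "2011/08/04 17:05:56.0082 5092 Detected object count: 1",
    "2011/08/04 17:05:56.0082 5092 Actual detected object count: 1",
    "2011/08/04 17:06:11.0101 5092 LockedFile.Multi.Generic(sptd) - User select action: Skip",
])


@dataclass
class Detection:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None
    reason: Optional[str] = None  # from the preceding "Suspicious file (...)" line
    action: Optional[str] = None  # what the user chose at the end, e.g. Skip


@dataclass
class ScanReport:
    entries: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: Dict[str, Detection] = field(default_factory=dict)
    declared_count: Optional[int] = None  # "Detected object count"
    actual_count: Optional[int] = None    # "Actual detected object count"


def _classify(line: str):
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return kind, m
    return "other", None


def parse_tdsskiller(text: str) -> ScanReport:
    report = ScanReport()
    pending = None  # "Suspicious file" line waiting for its "detected" line
    for raw in text.splitlines():
        kind, m = _classify(raw.strip())
        if kind == "entry":
            report.entries[m["name"]] = (m["md5"], m["path"])
        elif kind == "suspicious":
            pending = m
        elif kind == "detected":
            det = Detection(name=m["name"], verdict=m["verdict"])
            if det.name in report.entries:
                det.md5, det.path = report.entries[det.name]
            if pending is not None:  # enrich with the reason the file could not be read
                det.reason = pending["reason"]
                det.md5, det.path = det.md5 or pending["md5"], det.path or pending["path"]
                pending = None
            report.detections[det.name] = det
        elif kind == "count":
            if m["kind"] == "Detected":
                report.declared_count = int(m["n"])
            else:
                report.actual_count = int(m["n"])
        elif kind == "action" and m["name"] in report.detections:
            report.detections[m["name"]].action = m["action"]
    return report


def unresolved(report: ScanReport) -> List[str]:
    """Detected objects the user skipped or never acted on: still on disk after the scan."""
    return sorted(n for n, d in report.detections.items() if d.action in (None, "Skip"))


def count_mismatch(report: ScanReport) -> bool:
    """True when the tool's own detection count disagrees with the lines parsed."""
    return report.declared_count is not None and report.declared_count != len(report.detections)


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for det in rep.detections.values():
        print(f"{det.name}: {det.verdict} ({det.reason}) {det.path} -> action {det.action}")
    print("unresolved:", unresolved(rep), "count mismatch:", count_mismatch(rep))
```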

Old 04.08.2011, 16:09   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA Trojaner

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logfiles in CODE tags

Old 04.08.2011, 16:49   #13
PamBam

BKA Trojaner

ComboFix has finished; it gave the error message "The procedure * could not be located in the DLL VERSION.dll" several times, at the end there was also an error code (I couldn't write it down quickly enough) and the computer restarted.

Now none of my browsers work any more (apart from Internet Explorer)
(Error message: Could not be started because VERSION.dll was not found)

The log didn't open either, and it's not under C:\ either.

edit: Lots of other programs don't open any more either

Last edited by PamBam (04.08.2011 at 17:01)

Old 04.08.2011, 19:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

BKA Trojaner

Restart Windows - after that all the programs should really work again.
__________________
Please always post logfiles in CODE tags

Old 04.08.2011, 21:31   #15
PamBam

BKA Trojaner

Unfortunately not, same error message
