|
Plagegeister aller Art und deren Bekämpfung: BKA TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.08.2011, 01:31 | #1 |
| BKA Trojaner Moin, bei mir hat gestern mittag der BKA Trojaner zugeschlagen, habe mittlerweile dank Kaspersky Rescue CD wieder Zugriff auf den Rechner. Möchte nun aber sicherstellen das auch alle Überreste beseitigt sind. Mache gerade einen Vollscan mit Malwarebytes. (Bitdefender läuft im Hintergrund und hat auch zwischendrin schonmal was im Zusammenhang mit Malwarebytes gemeldet, ist das hinderlich?) Sobald der Scan durch ist poste ich die Log, anschließend wollte ich einen Scan mit OTL machen und werde die Log ebenfalls posten. Braucht ihr fürs erste noch etwas abgesehen von den beiden Logs? Freue mich auf kompetente Hilfe Gruß PamBam |
04.08.2011, 10:53 | #2 |
| BKA Trojaner Hab Malwarebytes die ganze Nacht durchlaufen lassen, lief auch bis zum ende aber irgendwie hat das mit dem Log nicht geklappt.
__________________Soll ich jetzt einfach einen Vollscan mit OTL machen? |
04.08.2011, 11:53 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Einfach im Reiter Logdateien von Malwarebytes mal nachsehen - alle Logs die dort sichtbar sind posten.
__________________
__________________ |
04.08.2011, 12:04 | #4 |
| BKA Trojaner Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7367 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18828 04.08.2011 01:55:06 mbam-log-2011-08-04 (01-55-06).txt Art des Suchlaufs: Flash-Scan Durchsuchte Objekte: 134414 Laufzeit: 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7367 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18828 04.08.2011 01:58:58 mbam-log-2011-08-04 (01-58-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 172907 Laufzeit: 3 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7367 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18828 04.08.2011 11:24:39 mbam-log-2011-08-04 (11-24-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|) Durchsuchte Objekte: 482070 Laufzeit: 1 Stunde(n), 31 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Computer\Desktop\reconnect\bat\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully. |
04.08.2011, 12:59 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
04.08.2011, 14:30 | #6 |
| BKA Trojaner Da fehlt noch was, ich lade es als Textdatei hoch. edit: geht auch nicht weil zu groß, ich versuches es nochmal so. |
04.08.2011, 14:36 | #7 |
| BKA Trojaner OTL logfile created on: 04.08.2011 14:57:52 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Computer\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,55% Memory free 8,21 Gb Paging File | 6,34 Gb Available in Paging File | 77,16% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 136,72 Gb Total Space | 1,24 Gb Free Space | 0,91% Space Free | Partition Type: NTFS Drive D: | 253,91 Gb Total Space | 6,93 Gb Free Space | 2,73% Space Free | Partition Type: NTFS Drive E: | 205,54 Gb Total Space | 7,13 Gb Free Space | 3,47% Space Free | Partition Type: NTFS Drive H: | 909,90 Mb Total Space | 751,26 Mb Free Space | 82,57% Space Free | Partition Type: NTFS Drive I: | 148,16 Gb Total Space | 136,49 Gb Free Space | 92,12% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Computer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.04 02:09:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.22 20:41:07 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009.03.20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe PRC - [2008.06.03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Programme\ASUS\Six Engine\SixEngine.exe ========== Modules (SafeList) ========== MOD - [2011.08.04 02:09:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe MOD - [2011.04.07 16:57:57 | 000,276,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_nt.m32 MOD - [2011.04.01 15:29:31 | 000,166,912 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_extra.m32 MOD - [2011.04.01 15:29:31 | 000,089,600 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_net.m32 MOD - [2011.04.01 15:29:29 | 000,657,408 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_fragments.m32 MOD - [2011.04.01 15:29:29 | 000,136,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_base.m32 MOD - [2011.04.01 15:29:28 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\midas32.dll MOD - [2011.04.01 15:29:28 | 000,120,832 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\plugin_registry.m32 MOD - [2009.12.08 21:03:42 | 000,116,224 | ---- | M] (BitDefender SRL) -- C:\Programme\BitDefender\BitDefender 2011\Active Virus Control\Midas_00081_013\leaktests.m32 MOD - [2008.01.19 00:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.07.22 16:48:25 | 002,660,624 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV) SRV:64bit: - [2011.06.03 12:37:11 | 000,053,224 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv) SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.09.03 17:40:41 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2008.01.19 01:00:54 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.22 20:41:07 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.02.23 18:07:32 | 000,467,248 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server) SRV - [2010.06.30 17:28:46 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.09.03 17:41:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.04.02 09:24:56 | 000,431,176 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.28 10:52:52 | 000,053,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\uimx64.sys -- (UimBus) DRV:64bit: - [2011.03.28 10:52:50 | 000,528,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.03.28 10:52:48 | 000,037,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.10 08:46:40 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.06.28 13:55:44 | 001,040,976 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avckf.sys -- (avckf) DRV:64bit: - [2010.06.28 13:55:38 | 000,692,816 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\avc3.sys -- (avc3) DRV:64bit: - [2010.05.13 17:52:08 | 000,162,896 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bdfm.sys -- (BDFM) DRV:64bit: - [2010.05.06 11:21:40 | 000,122,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:64bit: - [2009.07.22 10:11:20 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\KeyMagic.sys -- (KeyMagic) DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009.01.23 10:49:08 | 000,046,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2008.06.30 19:28:00 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2008.06.24 00:21:32 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx) DRV:64bit: - [2008.01.18 23:47:14 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2008.01.15 10:42:24 | 000,120,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrsce.sys -- (zebrsce) DRV:64bit: - [2008.01.15 10:42:22 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM) DRV:64bit: - [2008.01.15 10:42:22 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM) DRV:64bit: - [2008.01.15 10:42:22 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdfl.sys -- (zebrmdfl) DRV:64bit: - [2008.01.15 10:42:20 | 000,108,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrbus.sys -- (zebrbus) DRV:64bit: - [2008.01.15 10:42:20 | 000,081,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM) DRV:64bit: - [2007.03.20 11:33:28 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\libusb0.sys -- (libusb0) DRV:64bit: - [2007.01.04 08:09:50 | 000,011,576 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2007.01.04 08:09:48 | 000,054,072 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\DgiVecp.sys -- (DgiVecp) DRV:64bit: - [2006.11.01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2010.11.16 17:54:13 | 000,115,280 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif) DRV - [2010.05.24 00:14:23 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64) DRV - [2009.05.08 16:54:44 | 000,007,168 | ---- | M] (MPlayer <hxxp://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2004.05.17 23:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: tabflick@xuldev.org:0.3.8 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2011.06.30 15:40:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011.06.30 15:40:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.30 15:23:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 15:23:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.28 11:38:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.29 19:53:35 | 000,000,000 | ---D | M] [2010.09.08 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions [2010.09.08 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.04 11:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions [2011.07.01 18:09:58 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2009.04.05 10:07:12 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2009.03.16 11:48:38 | 000,000,000 | ---D | M] (Comfortbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\comfort@bar [2011.02.16 18:31:10 | 000,009,837 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\searchplugins\ddl-search-v2.xml [2010.06.30 17:28:52 | 000,001,834 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\searchplugins\{AE533855-2E54-40CA-AD4D-8742D6F5ADCA}.xml [2010.06.30 17:28:52 | 000,002,152 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\searchplugins\{CDE2FABF-4F9D-458E-9ECB-AA394A73A992}.xml [2011.06.30 15:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.03.22 23:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.11 00:49:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.30 15:40:43 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT () (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EP4T8TLO.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EP4T8TLO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EP4T8TLO.DEFAULT\EXTENSIONS\TABFLICK@XULDEV.ORG.XPI [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.07.03 17:59:50 | 000,403,959 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Free Spyware | Avast | Unzip Zip Files | Script Editor | Vim Scouring Powder at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 13975 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3:64bit: - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Reg Error: Key error.) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll () O24 - Desktop WallPaper: C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg O24 - Desktop BackupWallPaper: C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3a88f456-7640-11e0-89a2-001f3f03a36a}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe O33 - MountPoints2\{93ca2895-ec96-11df-87ab-001f3f03a36a}\Shell - "" = AutoRun O33 - MountPoints2\{93ca2895-ec96-11df-87ab-001f3f03a36a}\Shell\AutoRun\command - "" = G:\start.exe O33 - MountPoints2\{e6f52c89-5cf5-11e0-b968-001f3f03a36a}\Shell - "" = AutoRun O33 - MountPoints2\{e6f52c89-5cf5-11e0-b968-001f3f03a36a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{e776e7e1-5055-11de-ab8d-002215950fa6}\Shell - "" = AutoRun O33 - MountPoints2\{e776e7e1-5055-11de-ab8d-002215950fa6}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll () MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BitDefender Antiphishing Helper - hkey= - key= - C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.) MsConfig:64bit - StartUpReg: ccleaner - hkey= - key= - C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader) MsConfig:64bit - StartUpReg: mRouterConfig - hkey= - key= - C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.) MsConfig:64bit - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) MsConfig:64bit - StartUpReg: PC Suite for Smartphones - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Samsung Common SM - hkey= - key= - C:\Windows\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.) MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: TBPanel - hkey= - key= - C:\Program Files (x86)\Vtune ATI\TBPanel.exe () MsConfig:64bit - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll () SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll () SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {25A0F77B-B2D8-9545-C1DE-A8970BB56833} - Microsoft Windows Media Player ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {9869180F-5826-D05A-1388-AD250B96B0C7} - Themes Setup ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) |
04.08.2011, 14:39 | #8 |
| BKA Trojaner CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.04 02:09:34 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe [2011.08.04 01:52:31 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Malwarebytes [2011.08.04 01:52:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.08.04 01:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.04 01:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.04 01:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.08.04 01:51:33 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Computer\Desktop\mbam-setup-1.51.1.1800.exe [2011.07.29 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Ruths Geburtstagsfeier 2011-07-24 [2011.07.29 00:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\backup [2011.07.29 00:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher [2011.07.29 00:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher [2011.07.29 00:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2011 Free [2011.07.29 00:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software [2011.07.28 11:47:51 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Games [2011.07.27 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Lightroom_Export [2011.07.26 11:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediachance [2011.07.26 11:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HotPixels [2011.07.25 15:37:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E0AA18F2-09D6-4397-AE90-02E435694681} [2011.07.25 15:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs [2011.07.25 15:37:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7313A1C0-A06F-4C38-B9ED-E538350C744F} [2011.07.25 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs [2011.07.25 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Topaz Labs [2011.07.25 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs [2011.07.25 15:37:03 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\PackageAware [2011.07.22 19:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA [2011.07.22 19:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Formatter [2011.07.22 18:35:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Fotos Sicherung 22.07.11 [2011.07.22 18:33:28 | 000,418,816 | ---- | C] (c't Magazin für Computertechnik) -- C:\Users\Computer\Desktop\h2testw.exe [2011.07.14 16:12:46 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\DSLR 14-07-2011 [2011.07.10 19:56:44 | 000,000,000 | -HSD | C] -- C:\Users\Computer\wc [2011.07.10 19:51:38 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\10.07.11 [2011.07.09 22:56:03 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\HD Tune Pro [2011.07.09 22:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro [2011.07.09 22:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro [2011.07.09 22:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2011.07.09 22:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune [2011.07.07 18:55:01 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Ü-Band - Wieder mal Sommer Teil 1 [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.04 14:56:20 | 001,482,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.08.04 14:56:20 | 000,642,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.08.04 14:56:20 | 000,607,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.08.04 14:56:20 | 000,131,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.08.04 14:56:20 | 000,108,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.08.04 14:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.04 13:27:34 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.04 13:27:34 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.04 11:27:30 | 4293,967,872 | -HS- | M] () -- C:\hiberfil.sys [2011.08.04 02:09:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe [2011.08.04 01:59:09 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.08.04 01:52:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.04 01:51:43 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Computer\Desktop\mbam-setup-1.51.1.1800.exe [2011.08.04 01:30:26 | 003,108,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.08.03 14:12:34 | 000,000,680 | ---- | M] () -- C:\Users\Computer\AppData\Local\d3d9caps.dat [2011.08.02 12:46:47 | 006,458,990 | ---- | M] () -- C:\Users\Computer\Desktop\xg-m.pdf [2011.08.02 12:39:48 | 000,019,011 | ---- | M] () -- C:\Users\Computer\lightroom kifghtscribe.lsl [2011.08.02 11:32:56 | 000,014,766 | ---- | M] () -- C:\Users\Computer\Desktop\lightroom.jpg [2011.08.01 12:12:49 | 000,312,719 | ---- | M] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1957_20110731.jpg [2011.08.01 11:21:33 | 000,408,759 | ---- | M] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1972_20110731.jpg [2011.08.01 10:50:29 | 000,426,578 | ---- | M] () -- C:\Users\Computer\Desktop\20110731-IMGP1947-2.jpg [2011.08.01 01:35:31 | 000,478,844 | ---- | M] () -- C:\Users\Computer\Desktop\20110731-IMGP1947.jpg [2011.07.31 00:39:06 | 000,007,035 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0626.xmp [2011.07.30 11:28:36 | 000,405,650 | ---- | M] () -- C:\Users\Computer\Desktop\20110730-IMGP1519.jpg [2011.07.30 11:10:16 | 000,319,659 | ---- | M] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730 (2).jpg [2011.07.30 01:53:30 | 000,213,083 | ---- | M] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730.jpg [2011.07.30 01:39:25 | 006,649,303 | ---- | M] () -- C:\Users\Computer\Desktop\Export_002_IMGP1504_20110729-2.jpg [2011.07.29 14:18:32 | 000,044,032 | ---- | M] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.29 00:05:04 | 000,002,276 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2011 Free.lnk [2011.07.26 11:30:28 | 004,716,232 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1221-2.JPG [2011.07.26 11:29:03 | 000,090,509 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1188-2.JPG [2011.07.26 11:28:02 | 000,001,724 | ---- | M] () -- C:\Users\Computer\Desktop\HotPixels.lnk [2011.07.24 14:01:32 | 002,561,558 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1221.JPG [2011.07.23 22:50:53 | 000,113,775 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP1188.jpg [2011.07.23 14:16:57 | 003,678,678 | ---- | M] () -- C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg [2011.07.22 19:14:04 | 000,002,447 | ---- | M] () -- C:\Users\Computer\Desktop\SD Formatter.lnk [2011.07.21 11:24:03 | 002,304,627 | ---- | M] () -- C:\Users\Computer\Desktop\Safaga 2011-06-011.jpg [2011.07.20 16:05:02 | 010,259,169 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0626.PEF [2011.07.20 16:04:55 | 010,366,862 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0774.PEF [2011.07.20 16:04:45 | 010,218,958 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0849.PEF [2011.07.20 16:04:26 | 010,519,950 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0941.PEF [2011.07.20 16:04:22 | 010,386,743 | ---- | M] () -- C:\Users\Computer\Desktop\IMGP0967.PEF [2011.07.11 15:52:57 | 000,001,757 | ---- | M] () -- C:\Users\Computer\Desktop\Photomatix Pro 4.0.2 (64-bit).lnk [2011.07.11 11:58:34 | 000,648,329 | ---- | M] () -- C:\Users\Computer\Desktop\leva_final.jpg [2011.07.11 11:57:11 | 000,551,727 | ---- | M] () -- C:\Users\Computer\Desktop\leva_00-2.jpg [2011.07.11 11:52:10 | 000,602,137 | ---- | M] () -- C:\Users\Computer\Desktop\leva_00.jpg [2011.07.07 18:33:54 | 445,798,119 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.04 01:59:09 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.04 01:52:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.04 01:52:07 | 000,025,912 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.04 01:29:21 | 4293,967,872 | -HS- | C] () -- C:\hiberfil.sys [2011.08.03 14:12:34 | 000,000,680 | ---- | C] () -- C:\Users\Computer\AppData\Local\d3d9caps.dat [2011.08.02 12:46:47 | 006,458,990 | ---- | C] () -- C:\Users\Computer\Desktop\xg-m.pdf [2011.08.02 12:39:48 | 000,019,011 | ---- | C] () -- C:\Users\Computer\lightroom kifghtscribe.lsl [2011.08.02 11:32:54 | 000,014,766 | ---- | C] () -- C:\Users\Computer\Desktop\lightroom.jpg [2011.08.01 12:12:49 | 000,312,719 | ---- | C] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1957_20110731.jpg [2011.08.01 11:21:33 | 000,408,759 | ---- | C] () -- C:\Users\Computer\Desktop\Phaeno_001_IMGP1972_20110731.jpg [2011.08.01 10:50:29 | 000,426,578 | ---- | C] () -- C:\Users\Computer\Desktop\20110731-IMGP1947-2.jpg [2011.08.01 01:18:04 | 000,478,844 | ---- | C] () -- C:\Users\Computer\Desktop\20110731-IMGP1947.jpg [2011.07.31 00:39:06 | 000,007,035 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0626.xmp [2011.07.30 11:28:36 | 000,405,650 | ---- | C] () -- C:\Users\Computer\Desktop\20110730-IMGP1519.jpg [2011.07.30 11:07:15 | 000,213,083 | ---- | C] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730.jpg [2011.07.30 01:39:34 | 000,319,659 | ---- | C] () -- C:\Users\Computer\Desktop\Export_006_IMGP1519_20110730 (2).jpg [2011.07.30 01:39:21 | 006,649,303 | ---- | C] () -- C:\Users\Computer\Desktop\Export_002_IMGP1504_20110729-2.jpg [2011.07.29 00:05:05 | 000,037,456 | ---- | C] () -- C:\Windows\SysNative\drivers\hotcore3.sys [2011.07.29 00:05:04 | 000,002,276 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2011 Free.lnk [2011.07.28 11:38:25 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.07.26 11:30:26 | 004,716,232 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1221-2.JPG [2011.07.26 11:29:00 | 000,090,509 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1188-2.JPG [2011.07.26 11:28:02 | 000,001,724 | ---- | C] () -- C:\Users\Computer\Desktop\HotPixels.lnk [2011.07.25 15:38:18 | 002,561,558 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1221.JPG [2011.07.23 22:50:51 | 000,113,775 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP1188.jpg [2011.07.23 14:16:56 | 003,678,678 | ---- | C] () -- C:\Users\Computer\Desktop\5693666945_0fb1f70557_o.jpg [2011.07.22 19:10:21 | 000,002,447 | ---- | C] () -- C:\Users\Computer\Desktop\SD Formatter.lnk [2011.07.21 11:23:58 | 002,304,627 | ---- | C] () -- C:\Users\Computer\Desktop\Safaga 2011-06-011.jpg [2011.07.20 16:05:02 | 010,259,169 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0626.PEF [2011.07.20 16:04:55 | 010,366,862 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0774.PEF [2011.07.20 16:04:44 | 010,218,958 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0849.PEF [2011.07.20 16:04:25 | 010,519,950 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0941.PEF [2011.07.20 16:04:13 | 010,386,743 | ---- | C] () -- C:\Users\Computer\Desktop\IMGP0967.PEF [2011.07.11 15:52:57 | 000,001,757 | ---- | C] () -- C:\Users\Computer\Desktop\Photomatix Pro 4.0.2 (64-bit).lnk [2011.07.11 11:58:34 | 000,648,329 | ---- | C] () -- C:\Users\Computer\Desktop\leva_final.jpg [2011.07.11 11:57:11 | 000,551,727 | ---- | C] () -- C:\Users\Computer\Desktop\leva_00-2.jpg [2011.07.11 11:52:09 | 000,602,137 | ---- | C] () -- C:\Users\Computer\Desktop\leva_00.jpg [2011.07.11 08:53:25 | 125,760,040 | ---- | C] () -- C:\Users\Computer\Desktop\133945.flv [2011.07.04 16:05:40 | 000,000,550 | ---- | C] () -- C:\Windows\wininit.ini [2011.06.07 15:51:52 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.26 22:57:32 | 000,000,927 | ---- | C] () -- C:\Windows\posteriza.INI [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.05.22 20:41:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.22 20:41:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.05 19:47:40 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.02 20:26:52 | 000,000,415 | ---- | C] () -- C:\Windows\COVERE~1.INI [2010.11.16 16:51:08 | 000,156,679 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2010.07.08 11:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.12.26 11:11:14 | 000,002,045 | -H-- | C] () -- C:\Windows\SysWow64\whla32dd.dll [2009.09.07 17:03:55 | 000,000,096 | ---- | C] () -- C:\Users\Computer\AppData\Local\fusioncache.dat [2009.09.07 16:59:17 | 001,483,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.06 15:06:59 | 000,191,664 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2009.04.28 16:59:18 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.04.28 16:59:18 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.03.31 18:42:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.03.31 18:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.21 12:55:36 | 000,466,944 | ---- | C] () -- C:\Windows\ssndii.exe [2009.03.16 11:43:03 | 000,044,032 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.16 11:27:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.03.16 11:08:48 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2009.03.16 10:59:34 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2009.03.16 10:59:34 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2009.03.16 10:59:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2009.03.16 10:59:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2009.03.16 10:42:19 | 000,033,780 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009.03.16 10:41:59 | 000,033,390 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.03.16 10:02:47 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.03.16 10:02:20 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2009.03.16 09:54:43 | 000,000,732 | ---- | C] () -- C:\Users\Computer\AppData\Local\d3d9caps64.dat [2008.06.18 15:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2000.01.01 02:00:00 | 000,000,023 | RHS- | C] () -- C:\Windows\mtlid64s2.dat ========== LOP Check ========== [2010.05.25 10:37:23 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\avidemux [2010.11.16 17:22:19 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\BitDefender [2010.05.25 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Boilsoft [2011.04.16 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Cyberduck [2009.03.17 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools [2010.11.10 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Lite [2009.03.17 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Pro [2010.06.02 22:05:24 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\GrabIt [2009.11.29 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\gtk-2.0 [2011.07.09 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HD Tune Pro [2011.01.16 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HDRsoft [2011.08.04 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ICQ [2009.10.02 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Inkscape [2010.07.01 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kikin [2009.10.24 22:59:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\MP3toiPodAudioBookConverter [2011.04.23 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\NCH Swift Sound [2010.06.30 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OCS [2010.10.04 21:10:28 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org [2010.06.30 17:28:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Opera [2011.05.22 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\PunkBuster [2009.04.08 11:58:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QIP [2010.11.16 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QuickScan [2009.03.31 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Red Kawa [2009.06.18 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Teleca [2010.09.08 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird [2010.07.15 17:23:17 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ubisoft [2011.04.16 00:44:06 | 000,000,000 | -HSD | M] -- C:\Users\Computer\AppData\Roaming\wyUpdate AU [2011.08.04 11:26:01 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.07.03 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Adobe [2009.03.17 17:53:23 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ahead [2009.11.13 13:29:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Apple Computer [2009.03.16 11:28:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ATI [2010.05.25 10:37:23 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\avidemux [2010.11.16 17:22:19 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\BitDefender [2010.05.25 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Boilsoft [2011.04.16 01:05:22 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Cyberduck [2009.03.17 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools [2010.11.10 09:50:55 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Lite [2009.03.17 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DAEMON Tools Pro [2009.09.03 17:30:08 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Download Manager [2011.07.05 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\dvdcss [2010.11.11 20:07:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\FastStone [2010.06.02 22:05:24 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\GrabIt [2009.11.29 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\gtk-2.0 [2011.07.09 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HD Tune Pro [2011.01.16 15:39:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\HDRsoft [2011.08.04 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ICQ [2009.03.16 09:54:48 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Identities [2009.10.02 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Inkscape [2010.07.01 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kikin [2009.03.16 12:20:49 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Macromedia [2011.08.04 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Malwarebytes [2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Media Center Programs [2011.05.03 20:32:38 | 000,000,000 | --SD | M] -- C:\Users\Computer\AppData\Roaming\Microsoft [2009.03.16 11:48:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Mozilla [2009.10.24 22:59:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\MP3toiPodAudioBookConverter [2011.04.23 18:01:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\NCH Swift Sound [2010.06.30 17:28:46 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OCS [2010.10.04 21:10:28 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org [2010.06.30 17:28:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Opera [2011.05.22 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\PunkBuster [2009.04.08 11:58:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QIP [2010.11.16 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\QuickScan [2009.03.31 18:22:34 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Red Kawa [2010.02.02 16:27:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Roxio [2009.12.25 10:16:29 | 000,000,000 | RH-D | M] -- C:\Users\Computer\AppData\Roaming\SecuROM [2011.05.08 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Sony Corporation [2009.06.18 08:13:47 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Sony Ericsson [2009.03.20 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Talkback [2009.06.18 10:25:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Teleca [2010.09.08 14:40:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird [2010.07.15 17:23:17 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ubisoft [2011.05.22 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\vlc [2009.03.16 12:01:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinRAR [2011.04.16 00:44:06 | 000,000,000 | -HSD | M] -- C:\Users\Computer\AppData\Roaming\wyUpdate AU < %APPDATA%\*.exe /s > [2011.04.04 22:06:12 | 000,010,134 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe [2011.04.04 22:06:12 | 000,000,766 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe [2010.11.24 17:50:11 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe [2010.06.07 20:36:10 | 000,119,808 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe [2009.03.16 11:09:15 | 000,009,158 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe [2011.06.23 12:06:34 | 000,168,816 | ---- | M] (kikin) -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components\KikinCrashReporter.exe [2011.06.23 12:06:28 | 000,576,880 | ---- | M] (kikin) -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\ep4t8tlo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components\KikinHelper.exe [2010.06.30 17:28:46 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2010.06.30 17:28:46 | 000,040,960 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011.02.24 17:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Computer\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe < %SYSTEMDRIVE%\*.exe > [2007.03.12 19:59:00 | 000,299,008 | ---- | M] () -- C:\navigram_register.exe < MD5 for: AGP440.SYS > [2006.11.02 14:03:16 | 000,062,056 | ---- | M] () MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.19 01:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 01:07:48 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys [2008.01.19 01:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008.01.09 03:52:57 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=3927EB6EBFC77BA93481F440221D5252 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_371e04d9dcfdf69e\atapi.sys [2008.01.09 03:52:56 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=48021EB810BF8FB6EBFA4569B95AAD5F -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_380123c8f5d8000c\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2011.02.23 18:07:38 | 000,007,840 | ---- | M] () MD5=701074DC5B0399CCE49A8E1A4D4EF88C -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll < MD5 for: IASTORV.SYS > [2008.01.19 01:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2006.11.02 13:51:48 | 000,280,680 | ---- | M] () MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows\SysNative\drivers\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.19 01:03:02 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll [2008.01.19 01:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll < MD5 for: NVGTS.SYS > [2009.07.22 19:13:14 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=34EDF99EE707D9C6EA64761555811B5C -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetXP\IDE\WinXP\sata_ide\nvgts.sys [2009.07.22 19:13:14 | 000,145,440 | ---- | M] (NVIDIA Corporation) MD5=DA4C9704B1007B4376F6C25056E7AE59 -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetXP\IDE\WinXP\sataraid\nvgts.sys < MD5 for: NVSTOR.SYS > [2006.11.02 14:02:51 | 000,048,232 | ---- | M] () MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.19 01:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.07.22 19:13:08 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=1199B2052F7861C1D39C2318E70904C9 -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetVista32\IDE\WinVista\sata_ide\nvstor32.sys [2009.07.22 19:13:08 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=17E55BACBE90B0E97A2219B4B67A6011 -- C:\Users\Computer\Desktop\10.07.11\Boot Camp\Drivers\NVidia\NVidiaChipsetVista32\IDE\WinVista\sataraid\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008.01.19 01:03:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll [2008.01.19 01:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll < MD5 for: USER32.DLL > [2006.11.02 11:44:25 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=00B53DCA0408CCD8F6BAF13994F6E3A0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll [2007.07.14 02:23:35 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=296BA70E2A302E639CBD9E2A32DC65C4 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll [2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll [2008.01.19 00:32:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2007.07.14 02:23:36 | 000,646,656 | ---- | M] (Microsoft Corporation) MD5=437C1C0CB2A42EA20083F21E9CAEF461 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll [2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=707CD582A4F93DB789336A5CE9527970 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_275857df28a483b4\user32.dll [2006.11.02 13:19:10 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=95D5555CC7BD8F520996E35D36491EEF -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_272045c928cedf94\user32.dll [2007.07.14 02:23:36 | 000,810,496 | ---- | M] (Microsoft Corporation) MD5=E4E3ED1E0D1D8C33A9C94ABEA1C8BC96 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_27e0f46041c30a27\user32.dll [2008.01.19 01:04:24 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2008.01.19 01:04:24 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe [2008.01.19 01:00:42 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.19 01:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.19 01:00:46 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.19 01:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe [2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2008.01.19 01:00:46 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.19 01:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.18 23:37:48 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.18 23:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > < End of report > |
04.08.2011, 14:40 | #9 |
| BKA Trojaner Jetzt wars doppelt drin |
04.08.2011, 15:50 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Rel. unauffällig. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
04.08.2011, 16:08 | #11 |
| BKA Trojaner Eigene Dateien und Verknüpfungen scheinen in Ordnung zu sein. 2011/08/04 17:05:39.0287 3004 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/08/04 17:05:39.0435 3004 ================================================================================ 2011/08/04 17:05:39.0435 3004 SystemInfo: 2011/08/04 17:05:39.0435 3004 2011/08/04 17:05:39.0436 3004 OS Version: 6.0.6001 ServicePack: 1.0 2011/08/04 17:05:39.0436 3004 Product type: Workstation 2011/08/04 17:05:39.0436 3004 ComputerName: COMPUTER 2011/08/04 17:05:39.0436 3004 UserName: Computer 2011/08/04 17:05:39.0436 3004 Windows directory: C:\Windows 2011/08/04 17:05:39.0436 3004 System windows directory: C:\Windows 2011/08/04 17:05:39.0436 3004 Running under WOW64 2011/08/04 17:05:39.0436 3004 Processor architecture: Intel x64 2011/08/04 17:05:39.0436 3004 Number of processors: 2 2011/08/04 17:05:39.0436 3004 Page size: 0x1000 2011/08/04 17:05:39.0436 3004 Boot type: Normal boot 2011/08/04 17:05:39.0436 3004 ================================================================================ 2011/08/04 17:05:41.0508 3004 Initialize success 2011/08/04 17:05:44.0169 4712 ================================================================================ 2011/08/04 17:05:44.0169 4712 Scan started 2011/08/04 17:05:44.0169 4712 Mode: Manual; 2011/08/04 17:05:44.0169 4712 ================================================================================ 2011/08/04 17:05:45.0479 4712 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys 2011/08/04 17:05:45.0544 4712 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys 2011/08/04 17:05:45.0606 4712 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys 2011/08/04 17:05:45.0634 4712 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys 2011/08/04 17:05:45.0659 4712 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys 2011/08/04 17:05:45.0680 4712 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys 2011/08/04 17:05:45.0735 4712 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys 2011/08/04 17:05:45.0764 4712 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys 2011/08/04 17:05:45.0785 4712 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 2011/08/04 17:05:45.0823 4712 aliide (bfe5e136edc48f8ed2386639ca3bc687) C:\Windows\system32\drivers\aliide.sys 2011/08/04 17:05:45.0846 4712 amdide (9c5c3109e07c8a9f5d63f4c6171b9587) C:\Windows\system32\drivers\amdide.sys 2011/08/04 17:05:45.0862 4712 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys 2011/08/04 17:05:46.0053 4712 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/08/04 17:05:46.0298 4712 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/08/04 17:05:46.0371 4712 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys 2011/08/04 17:05:46.0468 4712 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys 2011/08/04 17:05:46.0523 4712 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/04 17:05:46.0563 4712 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys 2011/08/04 17:05:46.0625 4712 AtiHdmiService (6831c91c74afc9f1d88e1cccabada12b) C:\Windows\system32\drivers\AtiHdmi.sys 2011/08/04 17:05:46.0781 4712 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/08/04 17:05:46.0911 4712 avc3 (d6ad5a019a914616c7a702c00149283a) C:\Windows\system32\DRIVERS\avc3.sys 2011/08/04 17:05:46.0988 4712 avckf (4598404e09f7bc80c53100c560b8c67e) C:\Windows\system32\DRIVERS\avckf.sys 2011/08/04 17:05:47.0040 4712 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys 2011/08/04 17:05:47.0072 4712 BDFM (57a812537b752e2b0409576120183e4f) C:\Windows\system32\DRIVERS\bdfm.sys 2011/08/04 17:05:47.0113 4712 bdfsfltr (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys 2011/08/04 17:05:47.0263 4712 Bdftdif (27464666d1048910aeb7777638917c20) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys 2011/08/04 17:05:47.0376 4712 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/04 17:05:47.0408 4712 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 2011/08/04 17:05:47.0423 4712 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 2011/08/04 17:05:47.0465 4712 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 2011/08/04 17:05:47.0482 4712 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 2011/08/04 17:05:47.0498 4712 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 2011/08/04 17:05:47.0514 4712 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 2011/08/04 17:05:47.0530 4712 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 2011/08/04 17:05:47.0547 4712 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/04 17:05:47.0602 4712 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/04 17:05:47.0624 4712 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys 2011/08/04 17:05:47.0649 4712 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys 2011/08/04 17:05:47.0706 4712 cmdide (689630948f770d4462b04b69d28cd5a1) C:\Windows\system32\drivers\cmdide.sys 2011/08/04 17:05:47.0723 4712 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys 2011/08/04 17:05:47.0815 4712 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys 2011/08/04 17:05:47.0865 4712 CSC (a25e4dd707714da07fe1febf1dc91d86) C:\Windows\system32\drivers\csc.sys 2011/08/04 17:05:47.0910 4712 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys 2011/08/04 17:05:47.0950 4712 DgiVecp (cfbb4907c7542180b5e0282301240006) C:\Windows\system32\Drivers\DgiVecp.sys 2011/08/04 17:05:48.0050 4712 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys 2011/08/04 17:05:48.0111 4712 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 2011/08/04 17:05:48.0159 4712 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/04 17:05:48.0229 4712 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys 2011/08/04 17:05:48.0270 4712 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys 2011/08/04 17:05:48.0326 4712 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/08/04 17:05:48.0346 4712 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys 2011/08/04 17:05:48.0392 4712 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys 2011/08/04 17:05:48.0424 4712 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys 2011/08/04 17:05:48.0456 4712 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/04 17:05:48.0498 4712 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 2011/08/04 17:05:48.0514 4712 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 2011/08/04 17:05:48.0568 4712 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/04 17:05:48.0598 4712 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys 2011/08/04 17:05:48.0623 4712 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/04 17:05:48.0640 4712 fvevol (5cd88ce69bc24e5cfc0edcfc338b79e1) C:\Windows\system32\DRIVERS\fvevol.sys 2011/08/04 17:05:48.0748 4712 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 2011/08/04 17:05:48.0778 4712 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys 2011/08/04 17:05:48.0807 4712 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/08/04 17:05:48.0863 4712 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 2011/08/04 17:05:48.0904 4712 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/08/04 17:05:48.0920 4712 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 2011/08/04 17:05:48.0936 4712 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 2011/08/04 17:05:48.0983 4712 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys 2011/08/04 17:05:49.0025 4712 hotcore3 (ddf58c2e16527073fef370edfe970745) C:\Windows\system32\DRIVERS\hotcore3.sys 2011/08/04 17:05:49.0050 4712 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys 2011/08/04 17:05:49.0086 4712 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys 2011/08/04 17:05:49.0118 4712 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys 2011/08/04 17:05:49.0145 4712 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/08/04 17:05:49.0174 4712 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys 2011/08/04 17:05:49.0226 4712 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 2011/08/04 17:05:49.0288 4712 IntcAzAudAddService (ffc65872f4b0a1075b2ab16c676a4aec) C:\Windows\system32\drivers\RTKVHD64.sys 2011/08/04 17:05:49.0356 4712 intelide (d61a91bc967937ec9ca81632bc12593e) C:\Windows\system32\drivers\intelide.sys 2011/08/04 17:05:49.0384 4712 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/04 17:05:49.0414 4712 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/08/04 17:05:49.0448 4712 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys 2011/08/04 17:05:49.0465 4712 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 2011/08/04 17:05:49.0489 4712 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 2011/08/04 17:05:49.0521 4712 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys 2011/08/04 17:05:49.0565 4712 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/08/04 17:05:49.0603 4712 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 2011/08/04 17:05:49.0635 4712 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 2011/08/04 17:05:49.0672 4712 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/04 17:05:49.0745 4712 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/08/04 17:05:49.0889 4712 KeyMagic (cd8f342e5b262a6e347d710289cab25d) C:\Windows\system32\DRIVERS\KeyMagic.sys 2011/08/04 17:05:49.0934 4712 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/04 17:05:49.0984 4712 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 2011/08/04 17:05:50.0024 4712 L1E (4180e9d6e51516371afc369f7e8f6652) C:\Windows\system32\DRIVERS\L1E60x64.sys 2011/08/04 17:05:50.0073 4712 libusb0 (020dfdb1927c996c990e70ed86cfdb06) C:\Windows\system32\DRIVERS\libusb0.sys 2011/08/04 17:05:50.0122 4712 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/04 17:05:50.0148 4712 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys 2011/08/04 17:05:50.0171 4712 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys 2011/08/04 17:05:50.0192 4712 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys 2011/08/04 17:05:50.0215 4712 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 2011/08/04 17:05:50.0258 4712 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys 2011/08/04 17:05:50.0280 4712 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys 2011/08/04 17:05:50.0311 4712 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 2011/08/04 17:05:50.0337 4712 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/04 17:05:50.0363 4712 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/04 17:05:50.0379 4712 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 2011/08/04 17:05:50.0437 4712 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 2011/08/04 17:05:50.0513 4712 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys 2011/08/04 17:05:50.0553 4712 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/04 17:05:50.0573 4712 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 2011/08/04 17:05:50.0599 4712 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys 2011/08/04 17:05:50.0624 4712 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/04 17:05:50.0667 4712 mrxsmb10 (fbe643c568f40e6cc386e549013aec99) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/04 17:05:50.0687 4712 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/04 17:05:50.0731 4712 msahci (76c23e046b185cd3b5f232445031a359) C:\Windows\system32\drivers\msahci.sys 2011/08/04 17:05:50.0788 4712 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys 2011/08/04 17:05:50.0841 4712 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 2011/08/04 17:05:50.0872 4712 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 2011/08/04 17:05:50.0903 4712 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/04 17:05:50.0999 4712 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/04 17:05:51.0014 4712 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 2011/08/04 17:05:51.0048 4712 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys 2011/08/04 17:05:51.0088 4712 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/04 17:05:51.0104 4712 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 2011/08/04 17:05:51.0146 4712 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys 2011/08/04 17:05:51.0161 4712 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys 2011/08/04 17:05:51.0182 4712 mv61xx (e884fd7fb31bc82041aab75be5c81eef) C:\Windows\system32\DRIVERS\mv61xx.sys 2011/08/04 17:05:51.0231 4712 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/04 17:05:51.0288 4712 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys 2011/08/04 17:05:51.0335 4712 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/04 17:05:51.0353 4712 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/04 17:05:51.0373 4712 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/04 17:05:51.0393 4712 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 2011/08/04 17:05:51.0442 4712 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys 2011/08/04 17:05:51.0458 4712 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/04 17:05:51.0484 4712 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/04 17:05:51.0517 4712 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 2011/08/04 17:05:51.0558 4712 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys 2011/08/04 17:05:51.0583 4712 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/04 17:05:51.0642 4712 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys 2011/08/04 17:05:51.0696 4712 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 2011/08/04 17:05:51.0712 4712 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys 2011/08/04 17:05:51.0729 4712 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys 2011/08/04 17:05:51.0746 4712 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys 2011/08/04 17:05:51.0823 4712 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/08/04 17:05:51.0859 4712 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 2011/08/04 17:05:51.0889 4712 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys 2011/08/04 17:05:51.0921 4712 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys 2011/08/04 17:05:51.0964 4712 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys 2011/08/04 17:05:51.0999 4712 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 2011/08/04 17:05:52.0031 4712 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 2011/08/04 17:05:52.0199 4712 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/04 17:05:52.0216 4712 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys 2011/08/04 17:05:52.0269 4712 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/04 17:05:52.0302 4712 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys 2011/08/04 17:05:52.0456 4712 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 2011/08/04 17:05:52.0492 4712 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/04 17:05:52.0524 4712 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/04 17:05:52.0556 4712 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/04 17:05:52.0587 4712 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/04 17:05:52.0616 4712 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/04 17:05:52.0655 4712 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/04 17:05:52.0694 4712 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/04 17:05:52.0755 4712 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/08/04 17:05:52.0775 4712 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/04 17:05:52.0798 4712 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys 2011/08/04 17:05:52.0893 4712 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys 2011/08/04 17:05:52.0939 4712 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/04 17:05:52.0960 4712 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 2011/08/04 17:05:53.0019 4712 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/08/04 17:05:53.0061 4712 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys 2011/08/04 17:05:53.0084 4712 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys 2011/08/04 17:05:53.0111 4712 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 2011/08/04 17:05:53.0145 4712 sffdisk (18c056b109da7cd823bfae223818eb2e) C:\Windows\system32\drivers\sffdisk.sys 2011/08/04 17:05:53.0160 4712 sffp_mmc (b387781ea1a47bbe08a6e4cbd82f9790) C:\Windows\system32\drivers\sffp_mmc.sys 2011/08/04 17:05:53.0176 4712 sffp_sd (4e6b82359dfbd84e914b4d01256ef3bf) C:\Windows\system32\drivers\sffp_sd.sys 2011/08/04 17:05:53.0194 4712 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 2011/08/04 17:05:53.0284 4712 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys 2011/08/04 17:05:53.0301 4712 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys 2011/08/04 17:05:53.0346 4712 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys 2011/08/04 17:05:53.0396 4712 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys 2011/08/04 17:05:53.0453 4712 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 2011/08/04 17:05:53.0453 4712 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 2011/08/04 17:05:53.0458 4712 sptd - detected LockedFile.Multi.Generic (1) 2011/08/04 17:05:53.0502 4712 srv (fc9862dc5e67a6eb31e75feb43c64916) C:\Windows\system32\DRIVERS\srv.sys 2011/08/04 17:05:53.0550 4712 srv2 (56e686e35fce7a1931eb05c226bbae81) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/04 17:05:53.0589 4712 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/04 17:05:53.0645 4712 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys 2011/08/04 17:05:53.0681 4712 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 2011/08/04 17:05:53.0716 4712 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 2011/08/04 17:05:53.0743 4712 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 2011/08/04 17:05:53.0764 4712 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 2011/08/04 17:05:53.0808 4712 tbhsd (380aa9606d56e3c7d05fbf3655ec64ea) C:\Windows\system32\drivers\tbhsd.sys 2011/08/04 17:05:53.0861 4712 Tcpip (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\drivers\tcpip.sys 2011/08/04 17:05:53.0933 4712 Tcpip6 (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/04 17:05:53.0976 4712 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/04 17:05:54.0013 4712 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 2011/08/04 17:05:54.0036 4712 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 2011/08/04 17:05:54.0062 4712 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/04 17:05:54.0098 4712 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys 2011/08/04 17:05:54.0147 4712 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/04 17:05:54.0173 4712 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 2011/08/04 17:05:54.0198 4712 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/04 17:05:54.0225 4712 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys 2011/08/04 17:05:54.0261 4712 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/04 17:05:54.0332 4712 UimBus (49b13845f0dbe39b47fc91dc46b2170a) C:\Windows\system32\DRIVERS\uimx64.sys 2011/08/04 17:05:54.0430 4712 Uim_IM (dd46bec773c011eaa5e502c43a73a1cc) C:\Windows\system32\Drivers\Uim_IMx64.sys 2011/08/04 17:05:54.0468 4712 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys 2011/08/04 17:05:54.0497 4712 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys 2011/08/04 17:05:54.0530 4712 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 2011/08/04 17:05:54.0557 4712 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 2011/08/04 17:05:54.0614 4712 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 2011/08/04 17:05:54.0674 4712 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys 2011/08/04 17:05:54.0704 4712 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/08/04 17:05:54.0734 4712 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 2011/08/04 17:05:54.0780 4712 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys 2011/08/04 17:05:54.0818 4712 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys 2011/08/04 17:05:54.0843 4712 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 2011/08/04 17:05:54.0860 4712 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys 2011/08/04 17:05:54.0885 4712 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/04 17:05:54.0907 4712 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/04 17:05:54.0948 4712 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/04 17:05:54.0993 4712 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 2011/08/04 17:05:55.0028 4712 viaide (9978da36ff889a28b590e74bf11b4764) C:\Windows\system32\drivers\viaide.sys 2011/08/04 17:05:55.0065 4712 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys 2011/08/04 17:05:55.0093 4712 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys 2011/08/04 17:05:55.0136 4712 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys 2011/08/04 17:05:55.0171 4712 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys 2011/08/04 17:05:55.0209 4712 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 2011/08/04 17:05:55.0246 4712 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/04 17:05:55.0267 4712 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/04 17:05:55.0302 4712 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys 2011/08/04 17:05:55.0351 4712 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/04 17:05:55.0453 4712 WmiAcpi (ae34218455d5dc12d1e45de85f160346) C:\Windows\system32\drivers\wmiacpi.sys 2011/08/04 17:05:55.0557 4712 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/08/04 17:05:55.0607 4712 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/04 17:05:55.0658 4712 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/04 17:05:55.0720 4712 zebrbus (9284028ce534910467b83a5ed80b9a32) C:\Windows\system32\DRIVERS\zebrbus.sys 2011/08/04 17:05:55.0774 4712 zebrceb (0ce6a2593fcd0d5ba4241706a03e5a2c) C:\Windows\system32\DRIVERS\zebrceb.sys 2011/08/04 17:05:55.0822 4712 zebrmdfl (d5bdf3689b845629fe1df8b19411c365) C:\Windows\system32\DRIVERS\zebrmdfl.sys 2011/08/04 17:05:55.0846 4712 zebrmdm (5edfd1c634e9371f2f5e4fdfd438ebf1) C:\Windows\system32\DRIVERS\zebrmdm.sys 2011/08/04 17:05:55.0884 4712 zebrmdmc (f0834018f32833c32a201b8a234784ed) C:\Windows\system32\DRIVERS\zebrmdmc.sys 2011/08/04 17:05:55.0920 4712 zebrsce (86a1da0d04dc177c0d2b3b81777b8bee) C:\Windows\system32\DRIVERS\zebrsce.sys 2011/08/04 17:05:55.0975 4712 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1 2011/08/04 17:05:55.0987 4712 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/08/04 17:05:55.0997 4712 Boot (0x1200) (05c3bdc35d9b43c6b23d6c9cade0aece) \Device\Harddisk1\DR1\Partition0 2011/08/04 17:05:56.0024 4712 Boot (0x1200) (6bdbfe36e8ef8af3534a56d9ae61ea53) \Device\Harddisk1\DR1\Partition1 2011/08/04 17:05:56.0051 4712 Boot (0x1200) (222eb45b100c28966791751273a9d13c) \Device\Harddisk1\DR1\Partition2 2011/08/04 17:05:56.0058 4712 Boot (0x1200) (e3f5717997beb0e2ebf8cd63394a5c12) \Device\Harddisk0\DR0\Partition0 2011/08/04 17:05:56.0068 4712 Boot (0x1200) (63625431204565aabbaf30581b739c7e) \Device\Harddisk0\DR0\Partition1 2011/08/04 17:05:56.0074 4712 ================================================================================ 2011/08/04 17:05:56.0074 4712 Scan finished 2011/08/04 17:05:56.0074 4712 ================================================================================ 2011/08/04 17:05:56.0082 5092 Detected object count: 1 2011/08/04 17:05:56.0082 5092 Actual detected object count: 1 2011/08/04 17:06:11.0101 5092 LockedFile.Multi.Generic(sptd) - User select action: Skip |
04.08.2011, 16:09 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
04.08.2011, 16:49 | #13 |
| BKA Trojaner Combofix ist durch, gab etliche Male die Fehlermeldung "The procedure * could not be located in the DLL VERSION.dll", am Ende gabs noch einen Fehlercode (konnte ich so schnell nicht notieren) und der Rechner ist neu gestartet. Jetzt gehen meine Browser allesamt nicht mehr (abgesehen vom Internet Explorer) (Fehlermeldung: Konnte nicht gestartet werden weil VERSION.dll nicht gefunden wurde) Log ging auch nicht auf und unter C:\ liegt er auch nicht. edit: Auch etliche andere Programme öffnen nicht mehr Geändert von PamBam (04.08.2011 um 17:01 Uhr) |
04.08.2011, 19:42 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojaner Starte Windows neu - die Programme sollten danach eigentlich alle wieder funktionieren.
__________________ Logfiles bitte immer in CODE-Tags posten |
04.08.2011, 21:31 | #15 |
| BKA Trojaner Leider nicht, selbe Fehlermeldung |
Themen zu BKA Trojaner |
beseitigt, bitdefender, bka trojaner, defender, ebenfalls, gemeldet, gestern, hintergrund, kaspersky, kaspersky rescue, log, poste, rescue, rescue cd, schließe, schonmal, sichers, sicherstellen, troja, trojane, trojaner, Überreste, zugriff, zusammenhang |