Virus gefuden, wie löschen?

v1xt3 · 23.09.2011, 15:30

Ich korrigiere: Malwarebytes hat denselben Prozess wieder blockiert:

Code:

ATTFilter

01:47:17	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	DENY
06:37:29	Nico	IP-BLOCK	222.189.238.86 (Type: incoming, Port: 8)
06:37:37	Nico	IP-BLOCK	222.189.238.86 (Type: incoming, Port: 8)
13:52:18	Nico	MESSAGE	IP Protection stopped
13:52:57	Medion	MESSAGE	IP Protection started successfully
14:02:35	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	ALLOW
14:02:35	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	ALLOW
16:00:54	Medion	MESSAGE	Protection started successfully
16:00:59	Medion	MESSAGE	IP Protection started successfully
16:21:36	Medion	MESSAGE	Protection started successfully
16:21:40	Medion	MESSAGE	IP Protection started successfully
16:27:05	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	QUARANTINE
16:27:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
16:27:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
16:27:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
16:27:51	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	QUARANTINE

cosinus · 23.09.2011, 17:58

Mach noch einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":FIles" muss mitkopiert werden!!!)

Code:

ATTFilter

:Files
C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE
C:\Windows\Temp\svhost.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

v1xt3 · 23.09.2011, 21:50

Habe den Fix durchgefÃ¼hrt, kann allerdings weil ich unterwegs bin nur kurz vom Handy bescheid geben.
Er sagt "moved successfully" ABER sobald ich mich mit meinem Account einlogge tritt dasselbe wieder auf!
Ich konnte als ich in den Temp ordner gegangen bin das Verhalten beobachten: Es werden kurzzeitig rundll32 .exe, eine 2.3 Mb groÃŸe rundll32 .txt, eine VBScript (o. ae.) datei, zwei javascript dateien und noch 2-3 die ich nicht rechtzeitig erkennen konnte. nach einigen sekunden verschwinden all diese dateien und der prozess laeuft!
AuÃŸerdem kann ich den prozess nicht mehr killen und es laeuft ca. 30 mal mbamgui.exe im task manager.
habe nochmals einen quickscan durchgefuehrt und Malwarebytes hat prompt auÃŸer den beiden genannten Dateien verseuchte Registryeintraege gefunden.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32
HKEY_CURRENT_USER\SOFTWARE\Invictus
hat angeblich alles geloescht.
Logs sobald ich zurueck bin (Sonntag abend)
Irgendwas was ich waehrenddessen tun kann?

cosinus · 24.09.2011, 10:52

Ja, mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

v1xt3 · 25.09.2011, 19:04

Hier schonmal die Logs:

Malwarebytes Protection Log:

Code:

ATTFilter

01:47:17	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	DENY
06:37:29	Nico	IP-BLOCK	222.189.238.86 (Type: incoming, Port: 8)
06:37:37	Nico	IP-BLOCK	222.189.238.86 (Type: incoming, Port: 8)
13:52:18	Nico	MESSAGE	IP Protection stopped
13:52:57	Medion	MESSAGE	IP Protection started successfully
14:02:35	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	ALLOW
14:02:35	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	ALLOW
16:00:54	Medion	MESSAGE	Protection started successfully
16:00:59	Medion	MESSAGE	IP Protection started successfully
16:21:36	Medion	MESSAGE	Protection started successfully
16:21:40	Medion	MESSAGE	IP Protection started successfully
16:27:05	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	QUARANTINE
16:27:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
16:27:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
16:27:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
16:27:51	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	QUARANTINE
21:08:09	Medion	MESSAGE	Protection started successfully
21:08:14	Medion	MESSAGE	IP Protection started successfully
21:09:01	Medion	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:09:03	Medion	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:03	Medion	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:03	Medion	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:03	Medion	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:23	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:24	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:25	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:26	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:27	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:27	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:27	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:27	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:27	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:27	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:28	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:29	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:30	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:31	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:32	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:33	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:34	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:35	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:36	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:37	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:38	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:39	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:39	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:39	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:39	(null)	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	DENY
21:09:55	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:09:55	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:55	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:55	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:55	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:09:56	Nico	MESSAGE	IP Protection stopped
21:10:15	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:10:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:36	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:10:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:58	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:10:58	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:58	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:58	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:10:58	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:18	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:11:19	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:19	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:19	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:19	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:39	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:11:39	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:39	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:40	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:11:40	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:12:00	Nico	DETECTION	C:\Users\Nico\AppData\Local\Temp\rundll32 .exe	Trojan.Agent	ALLOW
21:12:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:12:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:12:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:12:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	ALLOW
21:19:00	Medion	MESSAGE	Protection started successfully
21:19:10	Medion	MESSAGE	IP Protection started successfully
22:32:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	QUARANTINE
22:32:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:32:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:32:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:32:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:32:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:32:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:32:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:36	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:36	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:36	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:36	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:57	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:57	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:57	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:33:57	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:18	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:18	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:18	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:18	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:39	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:39	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:39	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:34:39	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:00	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:21	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:21	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:21	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:21	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:42	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:42	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:42	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:35:42	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:03	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:03	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:03	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:03	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:24	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:24	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:24	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:24	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:36:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:05	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:05	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:05	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:05	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:26	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:26	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:26	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:26	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:47	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:47	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:47	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:37:47	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:08	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:49	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:49	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:49	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:38:49	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:10	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:10	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:10	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:10	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:31	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:31	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:31	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:31	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:39:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:33	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:33	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:33	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:33	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:54	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:54	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:54	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:40:54	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:15	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:15	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:15	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:15	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:41:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:17	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:17	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:17	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:17	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:38	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:38	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:38	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:38	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:59	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:59	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:59	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:42:59	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:20	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:20	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:20	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:20	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:41	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:41	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:41	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:43:41	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:01	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:01	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:02	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:02	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:23	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:23	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:23	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:23	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:44:44	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:04	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:04	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:04	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:04	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:25	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:25	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:25	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:25	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:46	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:46	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:46	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:45:46	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:07	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:07	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:07	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:07	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:28	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:48	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:48	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:48	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:46:48	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:09	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:09	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:09	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:09	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:30	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:30	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:30	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:30	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:47:51	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:12	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:32	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:48:53	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:14	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:14	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:14	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:14	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:35	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:49:56	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:16	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:37	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:50:52	Nico	DETECTION	C:\WINDOWS\TEMP\SVHOST.EXE	Heuristics.Reserved.Word.Exploit	DENY
22:51:01	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:51:01	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:51:01	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY
22:51:01	Nico	DETECTION	C:\Windows\Temp\svhost.exe	Heuristics.Reserved.Word.Exploit	DENY

OTL Log

Code:

ATTFilter

All processes killed
========== FILES ==========
C:\USERS\NICO\APPDATA\LOCAL\TEMP\rundll32 .exe moved successfully.
C:\Windows\Temp\svhost.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Medion
->Temp folder emptied: 166129 bytes
->Temporary Internet Files folder emptied: 434145 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nico
->Temp folder emptied: 197292 bytes
->Temporary Internet Files folder emptied: 434145 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09232011_211210

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETC9C3.tmp not found!

Registry entries deleted on Reboot...

Malwarebytes Quickscan Log

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7775

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

23.09.2011 22:40:54
mbam-log-2011-09-23 (22-40-54).txt

Scan type: Quick scan
Objects scanned: 153312
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\Nico\AppData\Local\Temp\rundll32 .exe (Trojan.Agent) -> 2000 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32 (Trojan.Agent) -> Value: rundll32 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\svhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\Users\Nico\AppData\Local\Temp\rundll32 .exe (Trojan.Agent) -> Quarantined and deleted successfully.

ich brenn jetzt die OTLPE CD und reich dann die logs auch hinterher

v1xt3 · 25.09.2011, 19:47

hier der otl-log:

Code:

ATTFilter

OTL logfile created on: 9/25/2011 9:28:21 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 394.35 Gb Total Space | 10.66 Gb Free Space | 2.70% Space Free | Partition Type: NTFS
Drive D: | 71.39 Gb Total Space | 58.31 Gb Free Space | 81.68% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/31 11:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/21 11:34:13 | 003,246,040 | ---- | M] (Acronis) [Disabled] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/01/07 14:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/15 12:59:28 | 000,031,744 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/12/06 01:55:30 | 000,805,032 | ---- | M] (Acronis) [Disabled] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/03/30 06:34:36 | 000,241,664 | ---- | M] () [Auto] -- C:\Program Files\T-Mobile Internet Manager 03\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/02 07:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/11 10:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007/08/16 05:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Disabled] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007/04/19 07:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006/12/14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006/10/05 07:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (uxddrv)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | System] --  -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand] --  -- (ALSysIO)
DRV - [2011/09/09 13:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/31 11:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/22 18:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110922.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/04 05:15:31 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 05:15:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/31 15:41:20 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/30 15:43:11 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/08 11:17:22 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2011/06/10 11:17:10 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/11 14:38:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 11:34:15 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/04/21 11:34:08 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011/04/21 11:34:05 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NIS\1206000.01D\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NIS\1206000.01D\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/24 16:53:55 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/01/07 23:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/15 12:59:28 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/23 03:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/04 08:15:36 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2009/02/05 12:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009/02/05 12:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009/02/05 12:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2009/01/12 04:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/01/04 12:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/01/04 12:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/12/11 17:11:04 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008/12/11 17:11:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/10/29 11:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007/08/28 10:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/22 14:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/31 06:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007/07/27 06:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 04:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2006/11/30 10:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/28 10:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/17 05:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/08/24 06:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_1_3 [2011/09/23 15:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager 03\addon [2011/02/08 18:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/21 11:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 10:29:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/18 18:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/08/22 21:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/19 17:02:06 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/25 07:18:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/06 10:06:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/08/12 02:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/13 23:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/12 00:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/12 00:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/12 00:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/12 00:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/12 00:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/12 00:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/09/23 15:12:17 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\Medion_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CtrlVol]  File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Nico_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Nico_ON_C..\Run: [BullGuard]  File not found
O4 - HKU\Nico_ON_C..\Run: [swg]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 192.168.1.10
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/23 10:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/23 10:27:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/23 10:27:16 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Malwarebytes
[2011/09/23 10:05:34 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2011/09/23 09:59:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Last.fm
[2011/09/23 07:59:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/23 06:37:19 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe
[2011/09/22 19:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/22 16:30:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2011/09/22 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 16:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/22 16:29:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/22 16:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/19 17:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/09/19 17:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/09/19 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\FileZilla
[2011/09/19 12:02:28 | 000,000,000 | ---D | C] -- C:\Presets
[2011/09/09 07:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/09/09 05:28:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/09/09 05:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/09/09 05:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2011/09/09 05:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudNet VPN
[2011/09/09 05:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\StudNetVPN
[2011/09/04 13:26:25 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Voxengo
[2011/09/03 14:42:32 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Mumble
[2011/09/02 20:24:50 | 000,000,000 | ---D | C] -- C:\Users\Nico\Desktop\moment zeugs
[2010/11/03 06:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Medion\AppData\Roaming\MinecraftSP.exe
[2008/02/26 00:02:49 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/02/26 00:02:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/13 11:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Nico\AppData\Local\CDRip.dll
[2007/01/18 15:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Nico\AppData\Local\No23 Recorder.exe
[2006/12/11 13:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Nico\AppData\Local\basscd.dll
[2006/12/11 13:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Nico\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/25 14:02:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/25 14:00:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job
[2011/09/25 13:51:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 13:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/23 15:22:01 | 000,699,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/09/23 15:22:01 | 000,655,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/23 15:22:01 | 000,157,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/09/23 15:22:01 | 000,128,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/23 15:14:07 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 15:13:03 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/23 15:12:17 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/23 10:29:15 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/09/23 10:29:14 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/09/23 06:32:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe
[2011/09/23 06:32:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2011/09/22 18:13:35 | 000,509,429 | ---- | M] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/22 16:29:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 16:29:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 12:00:21 | 002,346,544 | ---- | M] () -- C:\{5D14BB32-4E55-4DD5-A0B8-3ADD8AE89518}
[2011/09/22 11:47:49 | 002,346,544 | ---- | M] () -- C:\{BD7FBB4B-7CC9-4FF1-A21C-52496DE0381E}
[2011/09/22 08:56:57 | 002,346,544 | ---- | M] () -- C:\{B65097C1-A62D-42BA-B792-66E77B70A3E1}
[2011/09/22 05:10:54 | 002,346,544 | ---- | M] () -- C:\{E8AE16E7-F81E-4F17-83D8-BC124BAF1CD1}
[2011/09/21 19:02:08 | 000,232,047 | ---- | M] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/21 18:58:24 | 001,188,129 | ---- | M] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/21 18:25:37 | 002,346,544 | ---- | M] () -- C:\{8DD6C5FD-D7C2-4B17-ADE4-081DD5AB5044}
[2011/09/21 04:59:55 | 002,346,544 | ---- | M] () -- C:\{47112D9B-323B-433E-BA72-E6F2A0C022C0}
[2011/09/20 21:00:19 | 002,346,544 | ---- | M] () -- C:\{10DC8378-D7AE-41A6-8DD4-A0CD69B8B4CA}
[2011/09/20 20:42:19 | 002,346,544 | ---- | M] () -- C:\{BB98470C-2366-4D8B-8042-9C4C4DE0FFCF}
[2011/09/20 10:08:58 | 002,346,544 | ---- | M] () -- C:\{86C8013B-4CA8-4C10-9456-BDE3EE40485F}
[2011/09/20 05:59:10 | 002,346,544 | ---- | M] () -- C:\{44FDFD56-860F-4649-8EE3-DCAE823538FD}
[2011/09/19 21:00:54 | 002,346,544 | ---- | M] () -- C:\{176CE8A8-E2DE-4C5D-94FC-1A2CE21334C1}
[2011/09/19 17:17:40 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/09/19 17:17:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/09/19 12:25:10 | 002,346,544 | ---- | M] () -- C:\{B0B584F9-0D5F-464B-BE4B-CF667ADEE603}
[2011/09/19 09:29:52 | 002,346,544 | ---- | M] () -- C:\{49300480-47BE-41C6-88B4-740AB4D64AB8}
[2011/09/19 05:10:32 | 002,346,544 | ---- | M] () -- C:\{B22610C3-B986-4A8F-830C-F987341EC9AA}
[2011/09/18 14:58:08 | 001,189,135 | ---- | M] () -- C:\Users\Nico\Desktop\previewnstuff.mp3
[2011/09/18 14:47:39 | 002,346,544 | ---- | M] () -- C:\{FE4816F8-4689-4A0A-886F-4C1B6958F5E9}
[2011/09/18 09:37:42 | 002,346,544 | ---- | M] () -- C:\{D5DA34A5-E181-4687-A010-AD1AC82DEF5B}
[2011/09/17 17:54:52 | 002,346,544 | ---- | M] () -- C:\{9F19F850-7F7A-4D6D-9B91-75422EBA02F5}
[2011/09/16 21:00:27 | 002,346,544 | ---- | M] () -- C:\{3D5744BB-B49F-4ACA-B210-900EE840622B}
[2011/09/16 10:17:12 | 002,346,544 | ---- | M] () -- C:\{881F07F3-9DAE-4BCD-9E3D-83DEE0817C8F}
[2011/09/15 20:29:06 | 000,054,784 | ---- | M] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/15 14:21:45 | 002,346,544 | ---- | M] () -- C:\{B7FAA56B-AF53-48B2-AAA5-DA481A139B6E}
[2011/09/14 20:03:39 | 462,240,570 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/14 14:23:39 | 000,453,033 | ---- | M] () -- C:\Users\Nico\Desktop\more kick.mp3
[2011/09/13 17:22:22 | 003,470,670 | ---- | M] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/12 17:50:05 | 001,206,898 | ---- | M] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/11 14:42:24 | 000,874,077 | ---- | M] () -- C:\Users\Nico\Desktop\Chords.mp3
[2011/09/10 17:52:50 | 000,000,680 | ---- | M] () -- C:\Users\Nico\AppData\Local\d3d9caps.dat
[2011/09/09 07:27:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/09/09 05:28:52 | 000,000,922 | ---- | M] () -- C:\Users\Nico\Desktop\OpenVPN GUI.lnk
[2011/09/09 05:28:52 | 000,000,922 | ---- | M] () -- C:\Users\Medion\Desktop\OpenVPN GUI.lnk
[2011/09/09 05:28:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/09/09 05:21:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudNet VPN
[2011/09/06 19:10:41 | 000,000,137 | ---- | M] () -- C:\Users\Nico\AppData\default.pls
[2011/09/01 10:13:02 | 002,339,328 | ---- | M] () -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2011/08/31 11:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/30 14:26:46 | 000,001,088 | ---- | M] () -- C:\Users\Nico\Desktop\Elektro.fxp
[2011/08/28 17:56:25 | 000,353,256 | ---- | M] () -- C:\Users\Nico\Desktop\No23_Record_28.08.2011_23.54.46_.mp3
 
========== Files Created - No Company Name ==========
 
[2011/09/23 10:29:15 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/09/23 10:29:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/09/22 18:13:29 | 000,509,429 | ---- | C] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/22 16:29:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 12:00:21 | 002,346,544 | ---- | C] () -- C:\{5D14BB32-4E55-4DD5-A0B8-3ADD8AE89518}
[2011/09/22 11:47:49 | 002,346,544 | ---- | C] () -- C:\{BD7FBB4B-7CC9-4FF1-A21C-52496DE0381E}
[2011/09/22 08:56:57 | 002,346,544 | ---- | C] () -- C:\{B65097C1-A62D-42BA-B792-66E77B70A3E1}
[2011/09/22 05:10:53 | 002,346,544 | ---- | C] () -- C:\{E8AE16E7-F81E-4F17-83D8-BC124BAF1CD1}
[2011/09/21 19:02:04 | 000,232,047 | ---- | C] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/21 18:58:11 | 001,188,129 | ---- | C] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/21 18:25:37 | 002,346,544 | ---- | C] () -- C:\{8DD6C5FD-D7C2-4B17-ADE4-081DD5AB5044}
[2011/09/21 04:59:53 | 002,346,544 | ---- | C] () -- C:\{47112D9B-323B-433E-BA72-E6F2A0C022C0}
[2011/09/20 21:00:18 | 002,346,544 | ---- | C] () -- C:\{10DC8378-D7AE-41A6-8DD4-A0CD69B8B4CA}
[2011/09/20 20:42:19 | 002,346,544 | ---- | C] () -- C:\{BB98470C-2366-4D8B-8042-9C4C4DE0FFCF}
[2011/09/20 10:08:57 | 002,346,544 | ---- | C] () -- C:\{86C8013B-4CA8-4C10-9456-BDE3EE40485F}
[2011/09/20 05:59:08 | 002,346,544 | ---- | C] () -- C:\{44FDFD56-860F-4649-8EE3-DCAE823538FD}
[2011/09/19 21:00:54 | 002,346,544 | ---- | C] () -- C:\{176CE8A8-E2DE-4C5D-94FC-1A2CE21334C1}
[2011/09/19 17:14:40 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/09/19 12:25:10 | 002,346,544 | ---- | C] () -- C:\{B0B584F9-0D5F-464B-BE4B-CF667ADEE603}
[2011/09/19 09:29:52 | 002,346,544 | ---- | C] () -- C:\{49300480-47BE-41C6-88B4-740AB4D64AB8}
[2011/09/19 05:10:32 | 002,346,544 | ---- | C] () -- C:\{B22610C3-B986-4A8F-830C-F987341EC9AA}
[2011/09/18 14:57:57 | 001,189,135 | ---- | C] () -- C:\Users\Nico\Desktop\previewnstuff.mp3
[2011/09/18 14:47:39 | 002,346,544 | ---- | C] () -- C:\{FE4816F8-4689-4A0A-886F-4C1B6958F5E9}
[2011/09/18 09:37:41 | 002,346,544 | ---- | C] () -- C:\{D5DA34A5-E181-4687-A010-AD1AC82DEF5B}
[2011/09/17 17:54:52 | 002,346,544 | ---- | C] () -- C:\{9F19F850-7F7A-4D6D-9B91-75422EBA02F5}
[2011/09/16 21:00:27 | 002,346,544 | ---- | C] () -- C:\{3D5744BB-B49F-4ACA-B210-900EE840622B}
[2011/09/16 10:17:12 | 002,346,544 | ---- | C] () -- C:\{881F07F3-9DAE-4BCD-9E3D-83DEE0817C8F}
[2011/09/15 14:21:45 | 002,346,544 | ---- | C] () -- C:\{B7FAA56B-AF53-48B2-AAA5-DA481A139B6E}
[2011/09/14 14:23:14 | 000,453,033 | ---- | C] () -- C:\Users\Nico\Desktop\more kick.mp3
[2011/09/13 17:21:41 | 003,470,670 | ---- | C] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/12 17:49:53 | 001,206,898 | ---- | C] () -- C:\Users\Nico\Desktop\***.mp3
[2011/09/11 14:37:28 | 000,874,077 | ---- | C] () -- C:\Users\Nico\Desktop\Chords.mp3
[2011/09/10 17:52:45 | 002,339,328 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
[2011/09/09 05:28:52 | 000,000,922 | ---- | C] () -- C:\Users\Nico\Desktop\OpenVPN GUI.lnk
[2011/09/09 05:28:52 | 000,000,922 | ---- | C] () -- C:\Users\Medion\Desktop\OpenVPN GUI.lnk
[2011/09/07 18:15:49 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/30 14:26:45 | 000,001,088 | ---- | C] () -- C:\Users\Nico\Desktop\Elektro.fxp
[2011/08/28 17:56:21 | 000,353,256 | ---- | C] () -- C:\Users\Nico\Desktop\No23_Record_28.08.2011_23.54.46_.mp3
[2011/06/29 13:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2011/06/29 13:26:18 | 000,000,175 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2011/06/29 13:21:56 | 000,000,763 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/05/14 12:59:50 | 000,000,076 | RHS- | C] () -- C:\Windows\ICMET20.BIN
[2011/04/21 10:21:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/21 10:21:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/21 10:19:54 | 000,000,680 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011/04/10 15:07:24 | 000,001,428 | ---- | C] () -- C:\Users\Nico\AppData\Local\RecConfig.xml
[2011/03/21 19:25:58 | 000,093,673 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Uninstal.exe
[2011/03/14 14:22:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/26 02:18:09 | 000,000,680 | ---- | C] () -- C:\Users\Nico\AppData\Local\d3d9caps.dat
[2011/02/22 18:28:31 | 000,000,000 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\Default.PLS
[2011/02/12 14:42:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/04 22:55:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/25 09:47:36 | 000,027,744 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\nvModes.001
[2011/01/25 09:47:07 | 000,027,744 | ---- | C] () -- C:\Users\Nico\AppData\Roaming\nvModes.dat
[2011/01/24 09:03:48 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2011/01/24 07:01:21 | 000,054,784 | ---- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/21 11:51:46 | 000,000,137 | ---- | C] () -- C:\Users\Nico\AppData\default.pls
[2011/01/21 11:26:07 | 000,000,092 | ---- | C] () -- C:\Users\Nico\AppData\Local\fusioncache.dat
[2011/01/13 06:59:32 | 000,027,934 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\nvModes.001
[2011/01/13 06:58:15 | 000,027,934 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\nvModes.dat
[2011/01/13 06:03:45 | 000,000,094 | ---- | C] () -- C:\Users\Medion\AppData\Local\fusioncache.dat
[2010/06/18 07:40:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\hpputoar.dll
[2010/03/01 09:11:42 | 001,743,872 | ---- | C] () -- C:\Windows\System32\libsndfile-1.dll
[2009/12/03 03:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/02/29 03:56:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008/02/29 03:56:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/02/29 01:19:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008/02/29 01:19:07 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/02/26 01:59:51 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/02/26 00:21:05 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/26 00:07:07 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008/02/26 00:03:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008/02/26 00:02:49 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/02/26 00:02:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/02/26 00:02:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/02/26 00:02:49 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/02/08 10:34:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008/02/08 10:33:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/07 04:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008/01/21 03:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/12/04 08:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/08/13 11:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Nico\AppData\Local\lame_enc.dll
[2007/01/25 20:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007/01/25 20:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,406,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/25 19:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Nico\AppData\Local\vorbisenc.dll
[2006/10/25 19:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Nico\AppData\Local\vorbisfile.dll
[2006/10/25 19:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Nico\AppData\Local\vorbis.dll
[2006/10/25 19:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Nico\AppData\Local\ogg.dll
[2005/08/23 16:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Nico\AppData\Local\no23xwrapper.dll
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/07/06 22:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[1997/06/14 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011/03/21 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\.minecraft
[2011/04/21 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Acronis
[2011/02/21 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\avidemux
[2011/06/10 11:41:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011/08/01 19:30:32 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011/01/23 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/21 11:34:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\E4EED61A-4645-4A4C-A3C5-CAA32DE052ED
[2011/04/21 10:47:12 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FMZilla
[2011/05/14 13:02:51 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\MAGIX
[2011/01/23 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Opera
[2011/02/08 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Program Files
[2011/04/22 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Sincell
[2011/08/12 15:05:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Tific
[2011/07/19 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\.minecraft
[2011/02/26 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\AnvSoft
[2011/02/26 10:26:14 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\avidemux
[2011/07/31 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Blue Cat Audio
[2011/01/21 11:26:25 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\BullGuard
[2011/09/15 02:05:16 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Dropbox
[2011/08/01 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\DVDVideoSoft
[2011/09/19 19:19:05 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\FileZilla
[2011/05/06 11:17:54 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\FireShot
[2011/04/11 13:45:04 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\FMZilla
[2011/05/27 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\GameRanger
[2011/09/22 19:20:52 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\gtk-2.0
[2011/06/10 09:32:29 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\HOFA
[2011/05/14 13:50:07 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\MAGIX
[2011/05/08 15:59:12 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Minemapper
[2011/09/11 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Mumble
[2011/01/25 07:26:47 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\OpenOffice.org
[2011/01/23 14:16:20 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Opera
[2011/02/08 18:42:21 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Program Files
[2011/03/04 12:59:39 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Thunderbird
[2011/08/22 20:22:58 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TotalRecorder
[2011/09/04 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Voxengo
[2011/03/13 10:02:58 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Yellow Tools
[2011/01/24 16:54:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2011/01/13 05:59:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/02/26 01:59:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2011/04/27 12:33:21 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/08/22 20:16:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Caphyon
[2011/06/10 11:16:24 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/01/13 05:59:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/01/13 05:59:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/02/26 02:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2008/02/26 02:17:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab
[2011/06/10 09:32:29 | 000,000,000 | ---D | M] -- C:\ProgramData\HOFA
[2011/04/17 11:08:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Last.fm
[2011/05/14 13:08:14 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2011/06/03 13:07:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2011/02/21 15:30:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2011/02/21 16:18:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle VideoSpin
[2011/04/22 21:29:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Sincell
[2008/02/26 02:04:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonavis
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/01/13 05:59:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/01/26 09:43:33 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2008/02/26 01:15:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/01/13 05:59:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/02/17 13:33:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/02/26 00:04:52 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings
[2011/03/13 10:03:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Yellow Tools
[2011/02/27 14:23:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\{261FD3E7-AC6C-4785-8405-DCF2100A3A46}
[2011/06/03 13:11:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{5E4CAE11-3142-4132-BACC-8515F1910998}
[2008/02/26 01:35:58 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/06/03 13:07:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011/09/23 15:13:03 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/09/25 14:00:00 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job
 
========== Purity Check ==========
 
 
< End of report >

Kann ich eigentlich über die CD auch meine Daten sichern, das wichtigste ist zwar gesichert, aber es gibt noch ein paar Sachen die ich gerne sichern möchte.

cosinus · 26.09.2011, 11:27

Ja pber ein Live-System ist das Sichern der Daten immer eine gute Wahl.
Willst du dann weitermach oder formatieren und neu installieren?

v1xt3 · 26.09.2011, 11:56

Wenn es sich noch lohnt weiterzumachen würde ich das schon machen, weil neu installieren für mich sehr aufwändig wäre mit zig Programmen, Plugins und Treibern die ich neu installieren müsste und ich da etwas Zeitprobleme kriege. Aber unmöglich ist es natürlich nicht.
Also kommt drauf an was jetzt die beste Lösung ist.

cosinus · 26.09.2011, 13:00

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - File not found [Kernel | On_Demand] --  -- (uxddrv)
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
IE - HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
IE - HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\Medion_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKU\Nico_ON_C..\Run: [BullGuard]  File not found
O4 - HKU\Nico_ON_C..\Run: [swg]  File not found
:Files
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe
:Commands
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

v1xt3 · 27.09.2011, 01:38

Hier schonmal das Log

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uxddrv deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\Medion_ON_C\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\Medion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\Nico_ON_C\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\Nico_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully.
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll moved successfully.
Registry value HKEY_USERS\Medion_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
File C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll not found.
Registry value HKEY_USERS\Nico_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\BullGuard deleted successfully.
Registry value HKEY_USERS\Nico_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
========== FILES ==========
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 09272011_043513

edit: MovedFiles hochgeladen

Malwarebytes hat übrigens kurz nach dem Hochfahren wieder Alarm geschlagen, wieder rundll32 .exe in \Appdata\Local\Temp. Es läuft aber kein Prozess im Taskmanager

edit2: Sollte ich eigtl. mich mal bei Symantec melden, immerhin hat Norton bis heute nicht auf den Virus angeschlagen.

edit3: Und noch was, hast du eine Ahnung um was für einen Virus es sich hier handelt? D.h. sollte ich online Passwörter ändern u.ä. (banking passwort habe ich sofort geändert auf nem sauberen rechner). Möchte keine bösen Überraschungen erleben.

cosinus · 27.09.2011, 11:13

Zitat:

Malwarebytes hat übrigens kurz nach dem Hochfahren wieder Alarm geschlagen, wieder rundll32 .exe in \Appdata\Local\Temp. Es läuft aber kein Prozess im Taskmanager

Immer das Log dazu posten!

Mach auch bitte ein neues CustomLog

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

v1xt3 · 27.09.2011, 12:20

Erstmal das Log von Malwarebyts:

Code:

ATTFilter

04:45:53	Nico	MESSAGE	Protection started successfully
04:45:57	Nico	MESSAGE	IP Protection started successfully
04:46:46	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	QUARANTINE
04:46:51	Nico	ERROR	Scheduled update failed:  No address found failed with error code 11004
15:34:55	Nico	MESSAGE	Protection started successfully
15:34:59	Nico	MESSAGE	IP Protection started successfully

OTL-Log

Code:

ATTFilter

OTL logfile created on: 27.09.2011 15:40:55 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Nico\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,45% Memory free
6,19 Gb Paging File | 5,05 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 394,35 Gb Total Space | 57,70 Gb Free Space | 14,63% Space Free | Partition Type: NTFS
Drive D: | 71,39 Gb Total Space | 58,31 Gb Free Space | 81,68% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.23 12:32:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009.04.10 23:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.30 12:34:36 | 000,241,664 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.17 12:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.12.04 15:13:34 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.12.04 15:13:34 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 10:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 12:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2006.12.26 12:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.12.04 15:07:28 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.12.04 14:55:36 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.11.02 13:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 13:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 13:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 13:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 13:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 13:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 13:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.21 17:34:13 | 003,246,040 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.15 18:59:28 | 000,031,744 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.12.06 07:55:30 | 000,805,032 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.03.30 12:34:36 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Disabled | Stopped] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (ALSysIO)
DRV - [2011.09.09 19:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110922.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011.08.04 11:15:31 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.04 11:15:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVENG.SYS -- (NAVENG)
DRV - [2011.07.31 21:41:20 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.07.31 21:41:20 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.07.08 17:17:22 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2011.06.10 17:17:10 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.11 20:38:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 17:34:15 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.04.21 17:34:08 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.04.21 17:34:05 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 02:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011.01.24 22:53:55 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.15 18:59:28 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.08.04 14:15:36 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2009.01.12 10:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.01.04 18:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.01.04 18:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.12.11 23:11:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.10.29 17:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.22 20:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.08.24 12:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_1_3 [2011.09.27 15:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager 03\addon [2011.02.09 00:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.21 17:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.23 16:29:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.19 00:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.09 21:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2011.08.02 01:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\c2m6u1c9.default\extensions
[2011.04.21 16:49:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\c2m6u1c9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.02 01:30:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\c2m6u1c9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.13 03:23:04 | 000,002,443 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\c2m6u1c9.default\searchplugins\safesearch.xml
[2011.08.23 03:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.19 23:02:06 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.25 13:18:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.06 16:06:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.01.25 13:18:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.06 16:06:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_0_8
[2011.08.24 12:53:41 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.27 10:35:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F118D1DF-4D6E-4617-AE45-683E52CBFD45}: DhcpNameServer = 192.168.1.130 192.168.1.10
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Medion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk - C:\Programme\Free Music Zilla\FMZilla.exe - ()
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SAOB Monitor - hkey= - key= - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\Programme\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe (MAGIX AG)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UIExec - hkey= - key= - C:\Program Files\T-Mobile Internet Manager 03\UIExec.exe ()
MsConfig - StartUpReg: Voobly - hkey= - key= - C:\Program Files\Voobly\voobly.exe (Voobly)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.26 21:28:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.09.23 16:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.09.23 16:27:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.23 16:05:34 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2011.09.23 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Last.fm
[2011.09.23 13:59:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.23 01:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.22 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2011.09.22 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.22 22:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.22 22:29:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.22 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.22 18:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica
[2011.09.19 23:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.09.19 23:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.09.19 18:02:28 | 000,000,000 | ---D | C] -- C:\Presets
[2011.09.09 13:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.09.09 11:28:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.09.09 11:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.09.09 11:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2011.09.09 11:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudNet VPN
[2011.09.09 11:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\StudNetVPN
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Medion\AppData\Roaming\MinecraftSP.exe
[2008.02.26 06:02:49 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.02.26 06:02:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.27 15:45:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job
[2011.09.27 15:42:06 | 000,699,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.27 15:42:06 | 000,655,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.27 15:42:06 | 000,157,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.27 15:42:06 | 000,128,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.27 15:31:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 15:31:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 15:31:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.27 15:30:23 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.27 10:35:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.09.27 04:56:47 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.27 04:51:20 | 000,002,920 | ---- | M] () -- C:\{18CC6016-540A-4F10-8F1F-45C91498F832}
[2011.09.27 04:51:20 | 000,002,560 | ---- | M] () -- C:\{987D9EEF-443E-4A10-8478-97161E7EC3B9}
[2011.09.23 12:32:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2011.09.22 18:00:21 | 002,346,544 | ---- | M] () -- C:\{5D14BB32-4E55-4DD5-A0B8-3ADD8AE89518}
[2011.09.22 17:47:49 | 002,346,544 | ---- | M] () -- C:\{BD7FBB4B-7CC9-4FF1-A21C-52496DE0381E}
[2011.09.22 14:56:57 | 002,346,544 | ---- | M] () -- C:\{B65097C1-A62D-42BA-B792-66E77B70A3E1}
[2011.09.22 11:10:54 | 002,346,544 | ---- | M] () -- C:\{E8AE16E7-F81E-4F17-83D8-BC124BAF1CD1}
[2011.09.22 00:25:37 | 002,346,544 | ---- | M] () -- C:\{8DD6C5FD-D7C2-4B17-ADE4-081DD5AB5044}
[2011.09.21 10:59:55 | 002,346,544 | ---- | M] () -- C:\{47112D9B-323B-433E-BA72-E6F2A0C022C0}
[2011.09.21 03:00:19 | 002,346,544 | ---- | M] () -- C:\{10DC8378-D7AE-41A6-8DD4-A0CD69B8B4CA}
[2011.09.21 02:42:19 | 002,346,544 | ---- | M] () -- C:\{BB98470C-2366-4D8B-8042-9C4C4DE0FFCF}
[2011.09.20 16:08:58 | 002,346,544 | ---- | M] () -- C:\{86C8013B-4CA8-4C10-9456-BDE3EE40485F}
[2011.09.20 11:59:10 | 002,346,544 | ---- | M] () -- C:\{44FDFD56-860F-4649-8EE3-DCAE823538FD}
[2011.09.20 03:00:54 | 002,346,544 | ---- | M] () -- C:\{176CE8A8-E2DE-4C5D-94FC-1A2CE21334C1}
[2011.09.19 18:25:10 | 002,346,544 | ---- | M] () -- C:\{B0B584F9-0D5F-464B-BE4B-CF667ADEE603}
[2011.09.19 15:29:52 | 002,346,544 | ---- | M] () -- C:\{49300480-47BE-41C6-88B4-740AB4D64AB8}
[2011.09.19 11:10:32 | 002,346,544 | ---- | M] () -- C:\{B22610C3-B986-4A8F-830C-F987341EC9AA}
[2011.09.18 20:47:39 | 002,346,544 | ---- | M] () -- C:\{FE4816F8-4689-4A0A-886F-4C1B6958F5E9}
[2011.09.18 15:37:42 | 002,346,544 | ---- | M] () -- C:\{D5DA34A5-E181-4687-A010-AD1AC82DEF5B}
[2011.09.17 23:54:52 | 002,346,544 | ---- | M] () -- C:\{9F19F850-7F7A-4D6D-9B91-75422EBA02F5}
[2011.09.17 03:00:27 | 002,346,544 | ---- | M] () -- C:\{3D5744BB-B49F-4ACA-B210-900EE840622B}
[2011.09.16 16:17:12 | 002,346,544 | ---- | M] () -- C:\{881F07F3-9DAE-4BCD-9E3D-83DEE0817C8F}
[2011.09.15 20:21:45 | 002,346,544 | ---- | M] () -- C:\{B7FAA56B-AF53-48B2-AAA5-DA481A139B6E}
[2011.09.15 02:03:39 | 462,240,570 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.09 11:28:52 | 000,000,922 | ---- | M] () -- C:\Users\Medion\Desktop\OpenVPN GUI.lnk
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.09.27 04:51:20 | 000,002,920 | ---- | C] () -- C:\{18CC6016-540A-4F10-8F1F-45C91498F832}
[2011.09.27 04:51:20 | 000,002,560 | ---- | C] () -- C:\{987D9EEF-443E-4A10-8478-97161E7EC3B9}
[2011.09.23 16:29:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.09.22 18:00:21 | 002,346,544 | ---- | C] () -- C:\{5D14BB32-4E55-4DD5-A0B8-3ADD8AE89518}
[2011.09.22 17:47:49 | 002,346,544 | ---- | C] () -- C:\{BD7FBB4B-7CC9-4FF1-A21C-52496DE0381E}
[2011.09.22 14:56:57 | 002,346,544 | ---- | C] () -- C:\{B65097C1-A62D-42BA-B792-66E77B70A3E1}
[2011.09.22 11:10:53 | 002,346,544 | ---- | C] () -- C:\{E8AE16E7-F81E-4F17-83D8-BC124BAF1CD1}
[2011.09.22 00:25:37 | 002,346,544 | ---- | C] () -- C:\{8DD6C5FD-D7C2-4B17-ADE4-081DD5AB5044}
[2011.09.21 10:59:53 | 002,346,544 | ---- | C] () -- C:\{47112D9B-323B-433E-BA72-E6F2A0C022C0}
[2011.09.21 03:00:18 | 002,346,544 | ---- | C] () -- C:\{10DC8378-D7AE-41A6-8DD4-A0CD69B8B4CA}
[2011.09.21 02:42:19 | 002,346,544 | ---- | C] () -- C:\{BB98470C-2366-4D8B-8042-9C4C4DE0FFCF}
[2011.09.20 16:08:57 | 002,346,544 | ---- | C] () -- C:\{86C8013B-4CA8-4C10-9456-BDE3EE40485F}
[2011.09.20 11:59:08 | 002,346,544 | ---- | C] () -- C:\{44FDFD56-860F-4649-8EE3-DCAE823538FD}
[2011.09.20 03:00:54 | 002,346,544 | ---- | C] () -- C:\{176CE8A8-E2DE-4C5D-94FC-1A2CE21334C1}
[2011.09.19 18:25:10 | 002,346,544 | ---- | C] () -- C:\{B0B584F9-0D5F-464B-BE4B-CF667ADEE603}
[2011.09.19 15:29:52 | 002,346,544 | ---- | C] () -- C:\{49300480-47BE-41C6-88B4-740AB4D64AB8}
[2011.09.19 11:10:32 | 002,346,544 | ---- | C] () -- C:\{B22610C3-B986-4A8F-830C-F987341EC9AA}
[2011.09.18 20:47:39 | 002,346,544 | ---- | C] () -- C:\{FE4816F8-4689-4A0A-886F-4C1B6958F5E9}
[2011.09.18 15:37:41 | 002,346,544 | ---- | C] () -- C:\{D5DA34A5-E181-4687-A010-AD1AC82DEF5B}
[2011.09.17 23:54:52 | 002,346,544 | ---- | C] () -- C:\{9F19F850-7F7A-4D6D-9B91-75422EBA02F5}
[2011.09.17 03:00:27 | 002,346,544 | ---- | C] () -- C:\{3D5744BB-B49F-4ACA-B210-900EE840622B}
[2011.09.16 16:17:12 | 002,346,544 | ---- | C] () -- C:\{881F07F3-9DAE-4BCD-9E3D-83DEE0817C8F}
[2011.09.15 20:21:45 | 002,346,544 | ---- | C] () -- C:\{B7FAA56B-AF53-48B2-AAA5-DA481A139B6E}
[2011.09.09 11:28:52 | 000,000,922 | ---- | C] () -- C:\Users\Medion\Desktop\OpenVPN GUI.lnk
[2011.09.08 00:15:49 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.29 19:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2011.06.29 19:26:18 | 000,000,175 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2011.06.29 19:21:56 | 000,000,763 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.05.14 18:59:50 | 000,000,076 | RHS- | C] () -- C:\Windows\ICMET20.BIN
[2011.04.21 16:21:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.21 16:21:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.21 16:19:54 | 000,000,680 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011.03.22 01:25:58 | 000,093,673 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Uninstal.exe
[2011.03.14 20:22:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.12 20:42:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.02.05 04:55:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.24 15:03:48 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2011.01.13 12:59:32 | 000,027,934 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\nvModes.001
[2011.01.13 12:58:15 | 000,027,934 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\nvModes.dat
[2011.01.13 12:03:45 | 000,000,094 | ---- | C] () -- C:\Users\Medion\AppData\Local\fusioncache.dat
[2010.06.18 13:40:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\hpputoar.dll
[2010.03.01 15:11:42 | 001,743,872 | ---- | C] () -- C:\Windows\System32\libsndfile-1.dll
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.02.29 09:56:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.02.29 09:56:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.29 07:19:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.02.29 07:19:07 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.02.26 07:59:51 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.02.26 06:21:05 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.02.26 06:07:07 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.02.26 06:03:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.02.26 06:02:49 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.02.26 06:02:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.02.26 06:02:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.02.26 06:02:49 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.02.08 16:34:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.02.08 16:33:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008.01.21 09:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.04 14:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,406,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.07.07 04:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.03.22 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\.minecraft
[2011.04.21 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Acronis
[2011.02.21 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\avidemux
[2011.06.10 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.08.02 01:30:32 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.01.24 01:14:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.21 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\E4EED61A-4645-4A4C-A3C5-CAA32DE052ED
[2011.04.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FMZilla
[2011.05.14 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\MAGIX
[2011.01.24 00:47:39 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Opera
[2011.02.09 00:35:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Program Files
[2011.04.23 03:32:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Sincell
[2011.08.12 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Tific
[2011.09.27 04:56:49 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.27 15:45:00 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.22 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\.minecraft
[2011.04.21 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Acronis
[2011.02.20 03:13:25 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Adobe
[2011.02.21 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\avidemux
[2011.06.10 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.08.02 01:30:32 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.01.24 01:14:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.21 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\E4EED61A-4645-4A4C-A3C5-CAA32DE052ED
[2011.04.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FMZilla
[2011.01.13 12:03:23 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Identities
[2011.05.14 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\InstallShield
[2011.01.24 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Macromedia
[2011.05.14 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\MAGIX
[2011.09.22 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Media Center Programs
[2011.09.23 01:42:00 | 000,000,000 | --SD | M] -- C:\Users\Medion\AppData\Roaming\Microsoft
[2011.04.09 21:57:06 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Mozilla
[2011.01.21 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Nero
[2011.01.24 00:47:39 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Opera
[2011.02.09 00:35:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Program Files
[2011.04.23 03:32:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Sincell
[2011.09.19 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Skype
[2011.08.12 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Tific
[2011.04.21 16:54:16 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2010.10.20 16:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Medion\AppData\Roaming\MinecraftSP.exe
[2011.03.22 01:26:01 | 000,093,673 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\Uninstal.exe
[2011.01.28 17:46:10 | 000,004,286 | R--- | M] () -- C:\Users\Medion\AppData\Roaming\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
[2010.04.09 08:47:44 | 023,614,976 | ---- | M] (Yellow Tools) -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yellow tools Independence Free 2.5\Independence Free.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.30 00:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

< End of report >

v1xt3 · 27.09.2011, 12:30

Erstmal das Log von Malwarebyts:

Code:

ATTFilter

04:45:53	Nico	MESSAGE	Protection started successfully
04:45:57	Nico	MESSAGE	IP Protection started successfully
04:46:46	Nico	DETECTION	C:\USERS\NICO\APPDATA\LOCAL\TEMP\RUNDLL32 .EXE	Trojan.Agent	QUARANTINE
04:46:51	Nico	ERROR	Scheduled update failed:  No address found failed with error code 11004
15:34:55	Nico	MESSAGE	Protection started successfully
15:34:59	Nico	MESSAGE	IP Protection started successfully

OTL-Log

Code:

ATTFilter

OTL logfile created on: 27.09.2011 15:40:55 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Nico\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,45% Memory free
6,19 Gb Paging File | 5,05 Gb Available in Paging File | 81,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 394,35 Gb Total Space | 57,70 Gb Free Space | 14,63% Space Free | Partition Type: NTFS
Drive D: | 71,39 Gb Total Space | 58,31 Gb Free Space | 81,68% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.23 12:32:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009.04.10 23:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.30 12:34:36 | 000,241,664 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.17 12:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.12.04 15:13:34 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.12.04 15:13:34 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 10:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 12:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2006.12.26 12:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.12.04 15:07:28 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.12.04 14:55:36 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.11.02 13:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 13:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 13:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 13:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 13:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 13:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 13:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 13:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.21 17:34:13 | 003,246,040 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.15 18:59:28 | 000,031,744 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.12.06 07:55:30 | 000,805,032 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.03.30 12:34:36 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Disabled | Stopped] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.05 13:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (ALSysIO)
DRV - [2011.09.09 19:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110922.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011.08.04 11:15:31 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.08.04 11:15:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVENG.SYS -- (NAVENG)
DRV - [2011.07.31 21:41:20 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.07.31 21:41:20 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.07.08 17:17:22 | 000,091,216 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2011.06.10 17:17:10 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.11 20:38:10 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.04.21 17:34:15 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.04.21 17:34:08 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.04.21 17:34:05 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 02:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2011.01.24 22:53:55 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.15 18:59:28 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.08.04 14:15:36 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2009.01.12 10:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.01.04 18:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.01.04 18:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008.12.11 23:11:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.10.29 17:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.22 20:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 16:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.0.8
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.08.24 12:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_1_3 [2011.09.27 15:31:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager 03\addon [2011.02.09 00:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.21 17:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.23 16:29:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.19 00:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.09 21:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2011.08.02 01:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\c2m6u1c9.default\extensions
[2011.04.21 16:49:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\c2m6u1c9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.02 01:30:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\c2m6u1c9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.13 03:23:04 | 000,002,443 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\c2m6u1c9.default\searchplugins\safesearch.xml
[2011.08.23 03:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.19 23:02:06 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.25 13:18:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.06 16:06:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.01.25 13:18:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.06 16:06:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_0_8
[2011.08.24 12:53:41 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.27 10:35:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.130 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F118D1DF-4D6E-4617-AE45-683E52CBFD45}: DhcpNameServer = 192.168.1.130 192.168.1.10
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Medion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk - C:\Programme\Free Music Zilla\FMZilla.exe - ()
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SAOB Monitor - hkey= - key= - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\Programme\MAGIX\Video_deluxe_2008_PLUS\Trayserver.exe (MAGIX AG)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UIExec - hkey= - key= - C:\Program Files\T-Mobile Internet Manager 03\UIExec.exe ()
MsConfig - StartUpReg: Voobly - hkey= - key= - C:\Program Files\Voobly\voobly.exe (Voobly)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.26 21:28:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.09.23 16:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.09.23 16:27:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.23 16:05:34 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2011.09.23 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Last.fm
[2011.09.23 13:59:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.23 01:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.22 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2011.09.22 22:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.22 22:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.22 22:29:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.22 22:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.22 18:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica
[2011.09.19 23:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.09.19 23:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011.09.19 18:02:28 | 000,000,000 | ---D | C] -- C:\Presets
[2011.09.09 13:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011.09.09 11:28:03 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.09.09 11:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.09.09 11:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2011.09.09 11:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudNet VPN
[2011.09.09 11:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\StudNetVPN
[2010.11.03 12:33:35 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Medion\AppData\Roaming\MinecraftSP.exe
[2008.02.26 06:02:49 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.02.26 06:02:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.27 15:45:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job
[2011.09.27 15:42:06 | 000,699,828 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.27 15:42:06 | 000,655,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.27 15:42:06 | 000,157,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.27 15:42:06 | 000,128,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.27 15:31:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 15:31:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 15:31:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.27 15:30:23 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.27 10:35:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.09.27 04:56:47 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.27 04:51:20 | 000,002,920 | ---- | M] () -- C:\{18CC6016-540A-4F10-8F1F-45C91498F832}
[2011.09.27 04:51:20 | 000,002,560 | ---- | M] () -- C:\{987D9EEF-443E-4A10-8478-97161E7EC3B9}
[2011.09.23 12:32:02 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2011.09.22 18:00:21 | 002,346,544 | ---- | M] () -- C:\{5D14BB32-4E55-4DD5-A0B8-3ADD8AE89518}
[2011.09.22 17:47:49 | 002,346,544 | ---- | M] () -- C:\{BD7FBB4B-7CC9-4FF1-A21C-52496DE0381E}
[2011.09.22 14:56:57 | 002,346,544 | ---- | M] () -- C:\{B65097C1-A62D-42BA-B792-66E77B70A3E1}
[2011.09.22 11:10:54 | 002,346,544 | ---- | M] () -- C:\{E8AE16E7-F81E-4F17-83D8-BC124BAF1CD1}
[2011.09.22 00:25:37 | 002,346,544 | ---- | M] () -- C:\{8DD6C5FD-D7C2-4B17-ADE4-081DD5AB5044}
[2011.09.21 10:59:55 | 002,346,544 | ---- | M] () -- C:\{47112D9B-323B-433E-BA72-E6F2A0C022C0}
[2011.09.21 03:00:19 | 002,346,544 | ---- | M] () -- C:\{10DC8378-D7AE-41A6-8DD4-A0CD69B8B4CA}
[2011.09.21 02:42:19 | 002,346,544 | ---- | M] () -- C:\{BB98470C-2366-4D8B-8042-9C4C4DE0FFCF}
[2011.09.20 16:08:58 | 002,346,544 | ---- | M] () -- C:\{86C8013B-4CA8-4C10-9456-BDE3EE40485F}
[2011.09.20 11:59:10 | 002,346,544 | ---- | M] () -- C:\{44FDFD56-860F-4649-8EE3-DCAE823538FD}
[2011.09.20 03:00:54 | 002,346,544 | ---- | M] () -- C:\{176CE8A8-E2DE-4C5D-94FC-1A2CE21334C1}
[2011.09.19 18:25:10 | 002,346,544 | ---- | M] () -- C:\{B0B584F9-0D5F-464B-BE4B-CF667ADEE603}
[2011.09.19 15:29:52 | 002,346,544 | ---- | M] () -- C:\{49300480-47BE-41C6-88B4-740AB4D64AB8}
[2011.09.19 11:10:32 | 002,346,544 | ---- | M] () -- C:\{B22610C3-B986-4A8F-830C-F987341EC9AA}
[2011.09.18 20:47:39 | 002,346,544 | ---- | M] () -- C:\{FE4816F8-4689-4A0A-886F-4C1B6958F5E9}
[2011.09.18 15:37:42 | 002,346,544 | ---- | M] () -- C:\{D5DA34A5-E181-4687-A010-AD1AC82DEF5B}
[2011.09.17 23:54:52 | 002,346,544 | ---- | M] () -- C:\{9F19F850-7F7A-4D6D-9B91-75422EBA02F5}
[2011.09.17 03:00:27 | 002,346,544 | ---- | M] () -- C:\{3D5744BB-B49F-4ACA-B210-900EE840622B}
[2011.09.16 16:17:12 | 002,346,544 | ---- | M] () -- C:\{881F07F3-9DAE-4BCD-9E3D-83DEE0817C8F}
[2011.09.15 20:21:45 | 002,346,544 | ---- | M] () -- C:\{B7FAA56B-AF53-48B2-AAA5-DA481A139B6E}
[2011.09.15 02:03:39 | 462,240,570 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.09 11:28:52 | 000,000,922 | ---- | M] () -- C:\Users\Medion\Desktop\OpenVPN GUI.lnk
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.09.27 04:51:20 | 000,002,920 | ---- | C] () -- C:\{18CC6016-540A-4F10-8F1F-45C91498F832}
[2011.09.27 04:51:20 | 000,002,560 | ---- | C] () -- C:\{987D9EEF-443E-4A10-8478-97161E7EC3B9}
[2011.09.23 16:29:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.09.22 18:00:21 | 002,346,544 | ---- | C] () -- C:\{5D14BB32-4E55-4DD5-A0B8-3ADD8AE89518}
[2011.09.22 17:47:49 | 002,346,544 | ---- | C] () -- C:\{BD7FBB4B-7CC9-4FF1-A21C-52496DE0381E}
[2011.09.22 14:56:57 | 002,346,544 | ---- | C] () -- C:\{B65097C1-A62D-42BA-B792-66E77B70A3E1}
[2011.09.22 11:10:53 | 002,346,544 | ---- | C] () -- C:\{E8AE16E7-F81E-4F17-83D8-BC124BAF1CD1}
[2011.09.22 00:25:37 | 002,346,544 | ---- | C] () -- C:\{8DD6C5FD-D7C2-4B17-ADE4-081DD5AB5044}
[2011.09.21 10:59:53 | 002,346,544 | ---- | C] () -- C:\{47112D9B-323B-433E-BA72-E6F2A0C022C0}
[2011.09.21 03:00:18 | 002,346,544 | ---- | C] () -- C:\{10DC8378-D7AE-41A6-8DD4-A0CD69B8B4CA}
[2011.09.21 02:42:19 | 002,346,544 | ---- | C] () -- C:\{BB98470C-2366-4D8B-8042-9C4C4DE0FFCF}
[2011.09.20 16:08:57 | 002,346,544 | ---- | C] () -- C:\{86C8013B-4CA8-4C10-9456-BDE3EE40485F}
[2011.09.20 11:59:08 | 002,346,544 | ---- | C] () -- C:\{44FDFD56-860F-4649-8EE3-DCAE823538FD}
[2011.09.20 03:00:54 | 002,346,544 | ---- | C] () -- C:\{176CE8A8-E2DE-4C5D-94FC-1A2CE21334C1}
[2011.09.19 18:25:10 | 002,346,544 | ---- | C] () -- C:\{B0B584F9-0D5F-464B-BE4B-CF667ADEE603}
[2011.09.19 15:29:52 | 002,346,544 | ---- | C] () -- C:\{49300480-47BE-41C6-88B4-740AB4D64AB8}
[2011.09.19 11:10:32 | 002,346,544 | ---- | C] () -- C:\{B22610C3-B986-4A8F-830C-F987341EC9AA}
[2011.09.18 20:47:39 | 002,346,544 | ---- | C] () -- C:\{FE4816F8-4689-4A0A-886F-4C1B6958F5E9}
[2011.09.18 15:37:41 | 002,346,544 | ---- | C] () -- C:\{D5DA34A5-E181-4687-A010-AD1AC82DEF5B}
[2011.09.17 23:54:52 | 002,346,544 | ---- | C] () -- C:\{9F19F850-7F7A-4D6D-9B91-75422EBA02F5}
[2011.09.17 03:00:27 | 002,346,544 | ---- | C] () -- C:\{3D5744BB-B49F-4ACA-B210-900EE840622B}
[2011.09.16 16:17:12 | 002,346,544 | ---- | C] () -- C:\{881F07F3-9DAE-4BCD-9E3D-83DEE0817C8F}
[2011.09.15 20:21:45 | 002,346,544 | ---- | C] () -- C:\{B7FAA56B-AF53-48B2-AAA5-DA481A139B6E}
[2011.09.09 11:28:52 | 000,000,922 | ---- | C] () -- C:\Users\Medion\Desktop\OpenVPN GUI.lnk
[2011.09.08 00:15:49 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.06.29 19:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2011.06.29 19:26:18 | 000,000,175 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2011.06.29 19:21:56 | 000,000,763 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.05.14 18:59:50 | 000,000,076 | RHS- | C] () -- C:\Windows\ICMET20.BIN
[2011.04.21 16:21:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.21 16:21:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.21 16:19:54 | 000,000,680 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011.03.22 01:25:58 | 000,093,673 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Uninstal.exe
[2011.03.14 20:22:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.12 20:42:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.02.05 04:55:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.24 15:03:48 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2011.01.13 12:59:32 | 000,027,934 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\nvModes.001
[2011.01.13 12:58:15 | 000,027,934 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\nvModes.dat
[2011.01.13 12:03:45 | 000,000,094 | ---- | C] () -- C:\Users\Medion\AppData\Local\fusioncache.dat
[2010.06.18 13:40:28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\hpputoar.dll
[2010.03.01 15:11:42 | 001,743,872 | ---- | C] () -- C:\Windows\System32\libsndfile-1.dll
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.02.29 09:56:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.02.29 09:56:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.29 07:19:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.02.29 07:19:07 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.02.26 07:59:51 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.02.26 06:21:05 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.02.26 06:07:07 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.02.26 06:03:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.02.26 06:02:49 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.02.26 06:02:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.02.26 06:02:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.02.26 06:02:49 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.02.08 16:34:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.02.08 16:33:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2008.01.21 09:15:58 | 000,699,828 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,157,120 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.04 14:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,406,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,655,950 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,128,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.07.07 04:00:00 | 000,003,399 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.03.22 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\.minecraft
[2011.04.21 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Acronis
[2011.02.21 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\avidemux
[2011.06.10 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.08.02 01:30:32 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.01.24 01:14:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.21 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\E4EED61A-4645-4A4C-A3C5-CAA32DE052ED
[2011.04.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FMZilla
[2011.05.14 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\MAGIX
[2011.01.24 00:47:39 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Opera
[2011.02.09 00:35:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Program Files
[2011.04.23 03:32:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Sincell
[2011.08.12 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Tific
[2011.09.27 04:56:49 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.27 15:45:00 | 000,000,398 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{25CA6DC1-5E6A-46B1-AD9E-5E9475A14DD7}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.22 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\.minecraft
[2011.04.21 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Acronis
[2011.02.20 03:13:25 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Adobe
[2011.02.21 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\avidemux
[2011.06.10 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DAEMON Tools Lite
[2011.08.02 01:30:32 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.01.24 01:14:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.21 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\E4EED61A-4645-4A4C-A3C5-CAA32DE052ED
[2011.04.21 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\FMZilla
[2011.01.13 12:03:23 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Identities
[2011.05.14 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\InstallShield
[2011.01.24 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Macromedia
[2011.05.14 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\MAGIX
[2011.09.22 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Media Center Programs
[2011.09.23 01:42:00 | 000,000,000 | --SD | M] -- C:\Users\Medion\AppData\Roaming\Microsoft
[2011.04.09 21:57:06 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Mozilla
[2011.01.21 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Nero
[2011.01.24 00:47:39 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Opera
[2011.02.09 00:35:52 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Program Files
[2011.04.23 03:32:01 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Sincell
[2011.09.19 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Skype
[2011.08.12 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Tific
[2011.04.21 16:54:16 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2010.10.20 16:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Medion\AppData\Roaming\MinecraftSP.exe
[2011.03.22 01:26:01 | 000,093,673 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\Uninstal.exe
[2011.01.28 17:46:10 | 000,004,286 | R--- | M] () -- C:\Users\Medion\AppData\Roaming\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
[2010.04.09 08:47:44 | 023,614,976 | ---- | M] (Yellow Tools) -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yellow tools Independence Free 2.5\Independence Free.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.30 00:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll

< End of report >

cosinus · 27.09.2011, 13:37

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

v1xt3 · 27.09.2011, 13:47

Code:

ATTFilter

17:44:55.0391 5476	============================================================
17:44:55.0391 5476	Scan started
17:44:55.0391 5476	Mode: Manual; 
17:44:55.0391 5476	============================================================
17:44:55.0687 5476	acedrv10        (553ba53445795cbc0d4f9fa37eb855a6) C:\Windows\system32\drivers\acedrv10.sys
17:44:55.0703 5476	acedrv10 - ok
17:44:55.0718 5476	acehlp10        (8ce00b6a46962a1808b19cd1dae5170c) C:\Windows\system32\drivers\acehlp10.sys
17:44:55.0718 5476	acehlp10 - ok
17:44:55.0812 5476	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:44:55.0812 5476	ACPI - ok
17:44:55.0859 5476	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:44:55.0859 5476	adp94xx - ok
17:44:55.0874 5476	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:44:55.0874 5476	adpahci - ok
17:44:55.0890 5476	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:44:55.0890 5476	adpu160m - ok
17:44:55.0905 5476	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:44:55.0905 5476	adpu320 - ok
17:44:55.0968 5476	afcdp           (53696ad8ffc5fac51949a525ff65a689) C:\Windows\system32\DRIVERS\afcdp.sys
17:44:55.0968 5476	afcdp - ok
17:44:56.0030 5476	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:44:56.0030 5476	AFD - ok
17:44:56.0108 5476	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
17:44:56.0108 5476	AgereSoftModem - ok
17:44:56.0202 5476	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:44:56.0202 5476	agp440 - ok
17:44:56.0233 5476	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:44:56.0233 5476	aic78xx - ok
17:44:56.0249 5476	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:44:56.0249 5476	aliide - ok
17:44:56.0342 5476	ALSysIO - ok
17:44:56.0451 5476	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:44:56.0451 5476	amdagp - ok
17:44:56.0498 5476	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:44:56.0498 5476	amdide - ok
17:44:56.0514 5476	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:44:56.0529 5476	AmdK7 - ok
17:44:56.0545 5476	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:44:56.0545 5476	AmdK8 - ok
17:44:56.0576 5476	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:44:56.0576 5476	arc - ok
17:44:56.0670 5476	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:44:56.0670 5476	arcsas - ok
17:44:57.0013 5476	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:44:57.0013 5476	AsyncMac - ok
17:44:57.0107 5476	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:44:57.0107 5476	atapi - ok
17:44:57.0138 5476	ATSWPDRV        (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
17:44:57.0138 5476	ATSWPDRV - ok
17:44:57.0185 5476	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:44:57.0185 5476	Beep - ok
17:44:57.0294 5476	BHDrvx86        (09b8897ac84c49beabea75cf9fe1ab45) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx86.sys
17:44:57.0309 5476	BHDrvx86 - ok
17:44:57.0356 5476	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:44:57.0356 5476	blbdrive - ok
17:44:57.0403 5476	BMLoad          (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
17:44:57.0403 5476	BMLoad - ok
17:44:57.0450 5476	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:44:57.0450 5476	bowser - ok
17:44:57.0465 5476	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:44:57.0465 5476	BrFiltLo - ok
17:44:57.0481 5476	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:44:57.0481 5476	BrFiltUp - ok
17:44:57.0528 5476	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:44:57.0528 5476	Brserid - ok
17:44:57.0543 5476	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:44:57.0543 5476	BrSerWdm - ok
17:44:57.0559 5476	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:44:57.0559 5476	BrUsbMdm - ok
17:44:57.0559 5476	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:44:57.0559 5476	BrUsbSer - ok
17:44:57.0606 5476	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
17:44:57.0606 5476	BthEnum - ok
17:44:57.0621 5476	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
17:44:57.0621 5476	BTHMODEM - ok
17:44:57.0668 5476	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
17:44:57.0668 5476	BthPan - ok
17:44:57.0777 5476	BTHPORT         (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
17:44:57.0777 5476	BTHPORT - ok
17:44:57.0840 5476	BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
17:44:57.0840 5476	BTHUSB - ok
17:44:57.0871 5476	btwaudio        (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
17:44:57.0871 5476	btwaudio - ok
17:44:57.0887 5476	btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
17:44:57.0902 5476	btwavdt - ok
17:44:57.0902 5476	btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
17:44:57.0918 5476	btwrchid - ok
17:44:57.0949 5476	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:44:57.0949 5476	cdfs - ok
17:44:57.0980 5476	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:44:57.0980 5476	cdrom - ok
17:44:58.0027 5476	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:44:58.0027 5476	circlass - ok
17:44:58.0058 5476	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:44:58.0058 5476	CLFS - ok
17:44:58.0105 5476	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:44:58.0105 5476	CmBatt - ok
17:44:58.0105 5476	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:44:58.0105 5476	cmdide - ok
17:44:58.0121 5476	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:44:58.0121 5476	Compbatt - ok
17:44:58.0152 5476	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:44:58.0152 5476	crcdisk - ok
17:44:58.0167 5476	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:44:58.0167 5476	Crusoe - ok
17:44:58.0261 5476	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:44:58.0261 5476	DfsC - ok
17:44:58.0339 5476	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:44:58.0339 5476	disk - ok
17:44:58.0401 5476	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:44:58.0401 5476	drmkaud - ok
17:44:58.0433 5476	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:44:58.0433 5476	dtsoftbus01 - ok
17:44:58.0495 5476	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:44:58.0495 5476	DXGKrnl - ok
17:44:58.0526 5476	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:44:58.0526 5476	E1G60 - ok
17:44:58.0557 5476	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:44:58.0573 5476	Ecache - ok
17:44:58.0651 5476	eeCtrl          (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:44:58.0651 5476	eeCtrl - ok
17:44:58.0729 5476	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:44:58.0729 5476	elxstor - ok
17:44:58.0776 5476	EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:44:58.0776 5476	EraserUtilRebootDrv - ok
17:44:58.0791 5476	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:44:58.0791 5476	ErrDev - ok
17:44:58.0854 5476	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:44:58.0854 5476	exfat - ok
17:44:58.0901 5476	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:44:58.0901 5476	fastfat - ok
17:44:58.0947 5476	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:44:58.0947 5476	fdc - ok
17:44:58.0979 5476	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:44:58.0979 5476	FileInfo - ok
17:44:58.0994 5476	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:44:58.0994 5476	Filetrace - ok
17:44:59.0025 5476	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:44:59.0025 5476	flpydisk - ok
17:44:59.0088 5476	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:44:59.0088 5476	FltMgr - ok
17:44:59.0119 5476	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:44:59.0119 5476	Fs_Rec - ok
17:44:59.0150 5476	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:44:59.0150 5476	gagp30kx - ok
17:44:59.0228 5476	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:44:59.0228 5476	HdAudAddService - ok
17:44:59.0322 5476	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:44:59.0322 5476	HDAudBus - ok
17:44:59.0369 5476	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:44:59.0369 5476	HidBth - ok
17:44:59.0384 5476	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:44:59.0384 5476	HidIr - ok
17:44:59.0447 5476	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:44:59.0447 5476	HidUsb - ok
17:44:59.0478 5476	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
17:44:59.0478 5476	Hotkey - ok
17:44:59.0493 5476	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:44:59.0493 5476	HpCISSs - ok
17:44:59.0540 5476	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:44:59.0540 5476	HTTP - ok
17:44:59.0540 5476	HWiNFO32 - ok
17:44:59.0556 5476	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:44:59.0556 5476	i2omp - ok
17:44:59.0571 5476	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:44:59.0571 5476	i8042prt - ok
17:44:59.0649 5476	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
17:44:59.0649 5476	iaStor - ok
17:44:59.0681 5476	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:44:59.0681 5476	iaStorV - ok
17:44:59.0759 5476	IDSVix86        (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110922.030\IDSvix86.sys
17:44:59.0759 5476	IDSVix86 - ok
17:44:59.0774 5476	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:44:59.0774 5476	iirsp - ok
17:44:59.0852 5476	IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys
17:44:59.0868 5476	IntcAzAudAddService - ok
17:44:59.0930 5476	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:44:59.0930 5476	intelide - ok
17:44:59.0946 5476	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:44:59.0946 5476	intelppm - ok
17:44:59.0961 5476	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:44:59.0961 5476	IpFilterDriver - ok
17:44:59.0977 5476	IpInIp - ok
17:45:00.0024 5476	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:45:00.0024 5476	IPMIDRV - ok
17:45:00.0039 5476	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:45:00.0039 5476	IPNAT - ok
17:45:00.0055 5476	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:45:00.0055 5476	IRENUM - ok
17:45:00.0071 5476	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:45:00.0071 5476	isapnp - ok
17:45:00.0133 5476	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:45:00.0133 5476	iScsiPrt - ok
17:45:00.0149 5476	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:45:00.0149 5476	iteatapi - ok
17:45:00.0180 5476	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:45:00.0180 5476	iteraid - ok
17:45:00.0211 5476	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:45:00.0211 5476	kbdclass - ok
17:45:00.0227 5476	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:45:00.0227 5476	kbdhid - ok
17:45:00.0258 5476	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
17:45:00.0258 5476	KSecDD - ok
17:45:00.0351 5476	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:45:00.0351 5476	lltdio - ok
17:45:00.0414 5476	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:45:00.0414 5476	LSI_FC - ok
17:45:00.0429 5476	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:45:00.0429 5476	LSI_SAS - ok
17:45:00.0445 5476	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:45:00.0445 5476	LSI_SCSI - ok
17:45:00.0461 5476	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:45:00.0461 5476	luafv - ok
17:45:00.0507 5476	massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\Windows\system32\drivers\massfilter.sys
17:45:00.0507 5476	massfilter - ok
17:45:00.0523 5476	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
17:45:00.0523 5476	MBAMProtector - ok
17:45:00.0601 5476	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:45:00.0601 5476	megasas - ok
17:45:00.0632 5476	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:45:00.0632 5476	MegaSR - ok
17:45:00.0663 5476	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:45:00.0663 5476	Modem - ok
17:45:00.0679 5476	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:45:00.0679 5476	monitor - ok
17:45:00.0710 5476	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:45:00.0710 5476	mouclass - ok
17:45:00.0726 5476	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:45:00.0726 5476	mouhid - ok
17:45:00.0757 5476	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:45:00.0757 5476	MountMgr - ok
17:45:00.0773 5476	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:45:00.0773 5476	mpio - ok
17:45:00.0819 5476	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:45:00.0819 5476	mpsdrv - ok
17:45:00.0851 5476	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:45:00.0851 5476	Mraid35x - ok
17:45:00.0866 5476	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:45:00.0866 5476	MRxDAV - ok
17:45:00.0929 5476	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:45:00.0929 5476	mrxsmb - ok
17:45:00.0975 5476	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:45:00.0975 5476	mrxsmb10 - ok
17:45:00.0991 5476	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:45:00.0991 5476	mrxsmb20 - ok
17:45:01.0069 5476	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:45:01.0069 5476	msahci - ok
17:45:01.0069 5476	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:45:01.0085 5476	msdsm - ok
17:45:01.0116 5476	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:45:01.0116 5476	Msfs - ok
17:45:01.0131 5476	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:45:01.0131 5476	msisadrv - ok
17:45:01.0147 5476	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:45:01.0147 5476	MSKSSRV - ok
17:45:01.0194 5476	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:45:01.0194 5476	MSPCLOCK - ok
17:45:01.0209 5476	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:45:01.0209 5476	MSPQM - ok
17:45:01.0272 5476	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:45:01.0287 5476	MsRPC - ok
17:45:01.0319 5476	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:45:01.0319 5476	mssmbios - ok
17:45:01.0334 5476	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:45:01.0334 5476	MSTEE - ok
17:45:01.0381 5476	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:45:01.0381 5476	Mup - ok
17:45:01.0412 5476	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:45:01.0412 5476	NativeWifiP - ok
17:45:01.0475 5476	NAVENG          (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVENG.SYS
17:45:01.0490 5476	NAVENG - ok
17:45:01.0599 5476	NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110922.017\NAVEX15.SYS
17:45:01.0599 5476	NAVEX15 - ok
17:45:01.0677 5476	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:45:01.0677 5476	NDIS - ok
17:45:01.0709 5476	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:45:01.0724 5476	NdisTapi - ok
17:45:01.0787 5476	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:45:01.0787 5476	Ndisuio - ok
17:45:01.0833 5476	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:45:01.0833 5476	NdisWan - ok
17:45:01.0849 5476	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:45:01.0849 5476	NDProxy - ok
17:45:01.0896 5476	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:45:01.0896 5476	NetBIOS - ok
17:45:01.0958 5476	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:45:01.0974 5476	netbt - ok
17:45:02.0021 5476	netr28          (b05ffe38336193a9b988b00b230c5b80) C:\Windows\system32\DRIVERS\netr28.sys
17:45:02.0036 5476	netr28 - ok
17:45:02.0052 5476	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:45:02.0052 5476	nfrd960 - ok
17:45:02.0099 5476	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:45:02.0099 5476	Npfs - ok
17:45:02.0114 5476	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:45:02.0114 5476	nsiproxy - ok
17:45:02.0223 5476	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:45:02.0223 5476	Ntfs - ok
17:45:02.0239 5476	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:45:02.0255 5476	ntrigdigi - ok
17:45:02.0270 5476	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:45:02.0270 5476	Null - ok
17:45:02.0551 5476	nvlddmkm        (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:45:02.0629 5476	nvlddmkm - ok
17:45:02.0723 5476	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:45:02.0723 5476	nvraid - ok
17:45:02.0769 5476	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:45:02.0769 5476	nvstor - ok
17:45:02.0785 5476	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:45:02.0801 5476	nv_agp - ok
17:45:02.0879 5476	NwlnkFlt - ok
17:45:02.0894 5476	NwlnkFwd - ok
17:45:02.0925 5476	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
17:45:02.0925 5476	ohci1394 - ok
17:45:03.0003 5476	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:45:03.0003 5476	Parport - ok
17:45:03.0050 5476	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:45:03.0050 5476	partmgr - ok
17:45:03.0081 5476	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:45:03.0081 5476	Parvdm - ok
17:45:03.0128 5476	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:45:03.0128 5476	pci - ok
17:45:03.0159 5476	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:45:03.0159 5476	pciide - ok
17:45:03.0206 5476	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:45:03.0206 5476	pcmcia - ok
17:45:03.0269 5476	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:45:03.0284 5476	PEAUTH - ok
17:45:03.0456 5476	PhilCap         (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
17:45:03.0456 5476	PhilCap - ok
17:45:03.0581 5476	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:45:03.0581 5476	PptpMiniport - ok
17:45:03.0612 5476	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:45:03.0612 5476	Processor - ok
17:45:03.0705 5476	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:45:03.0705 5476	PSched - ok
17:45:03.0799 5476	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:45:03.0815 5476	ql2300 - ok
17:45:03.0846 5476	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:45:03.0846 5476	ql40xx - ok
17:45:03.0924 5476	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:45:03.0924 5476	QWAVEdrv - ok
17:45:03.0955 5476	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:45:03.0955 5476	RasAcd - ok
17:45:04.0033 5476	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:45:04.0033 5476	Rasl2tp - ok
17:45:04.0095 5476	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:45:04.0111 5476	RasPppoe - ok
17:45:04.0127 5476	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:45:04.0127 5476	RasSstp - ok
17:45:04.0189 5476	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:45:04.0189 5476	rdbss - ok
17:45:04.0220 5476	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:45:04.0220 5476	RDPCDD - ok
17:45:04.0298 5476	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:45:04.0298 5476	rdpdr - ok
17:45:04.0361 5476	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:45:04.0361 5476	RDPENCDD - ok
17:45:04.0673 5476	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:45:04.0673 5476	RDPWD - ok
17:45:04.0766 5476	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:45:04.0766 5476	RFCOMM - ok
17:45:04.0860 5476	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:45:04.0860 5476	rspndr - ok
17:45:04.0907 5476	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
17:45:04.0907 5476	RTL8169 - ok
17:45:04.0969 5476	RTSTOR          (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS
17:45:04.0969 5476	RTSTOR - ok
17:45:05.0000 5476	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:45:05.0000 5476	sbp2port - ok
17:45:05.0063 5476	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:45:05.0063 5476	secdrv - ok
17:45:05.0078 5476	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:45:05.0078 5476	Serenum - ok
17:45:05.0094 5476	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:45:05.0094 5476	Serial - ok
17:45:05.0172 5476	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:45:05.0172 5476	sermouse - ok
17:45:05.0219 5476	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:45:05.0219 5476	sffdisk - ok
17:45:05.0234 5476	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:45:05.0250 5476	sffp_mmc - ok
17:45:05.0312 5476	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:45:05.0312 5476	sffp_sd - ok
17:45:05.0359 5476	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:45:05.0359 5476	sfloppy - ok
17:45:05.0484 5476	Si3531          (93beacc3815a4653a655c8bd7622ff63) C:\Windows\system32\DRIVERS\Si3531.sys
17:45:05.0484 5476	Si3531 - ok
17:45:05.0515 5476	SiFilter        (165448bc832d424b97270c8d1276e24a) C:\Windows\system32\DRIVERS\SiWinAcc.sys
17:45:05.0515 5476	SiFilter - ok
17:45:05.0577 5476	SiRemFil        (9be8ea3a8c7e6d47e710f6fa14b7442b) C:\Windows\system32\DRIVERS\SiRemFil.sys
17:45:05.0577 5476	SiRemFil - ok
17:45:05.0593 5476	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:45:05.0593 5476	sisagp - ok
17:45:05.0624 5476	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:45:05.0640 5476	SiSRaid2 - ok
17:45:05.0671 5476	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:45:05.0671 5476	SiSRaid4 - ok
17:45:05.0733 5476	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:45:05.0733 5476	Smb - ok
17:45:05.0843 5476	snapman         (eb49860e776ce860dc3cfb9edb1ba517) C:\Windows\system32\DRIVERS\snapman.sys
17:45:05.0843 5476	snapman - ok
17:45:05.0983 5476	SNP2UVC         (279c771ed7d5d6132d7fe08efc781fa4) C:\Windows\system32\DRIVERS\snp2uvc.sys
17:45:05.0999 5476	SNP2UVC - ok
17:45:06.0092 5476	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:45:06.0092 5476	spldr - ok
17:45:06.0217 5476	SRTSP           (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
17:45:06.0233 5476	SRTSP - ok
17:45:06.0295 5476	SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
17:45:06.0295 5476	SRTSPX - ok
17:45:06.0326 5476	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:45:06.0342 5476	srv - ok
17:45:06.0435 5476	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:45:06.0435 5476	srv2 - ok
17:45:06.0529 5476	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:45:06.0529 5476	srvnet - ok
17:45:06.0623 5476	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:45:06.0623 5476	swenum - ok
17:45:06.0654 5476	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:45:06.0654 5476	Symc8xx - ok
17:45:06.0763 5476	SymDS           (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS
17:45:06.0763 5476	SymDS - ok
17:45:06.0810 5476	SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
17:45:06.0825 5476	SymEFA - ok
17:45:06.0903 5476	SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
17:45:06.0903 5476	SymEvent - ok
17:45:06.0950 5476	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS
17:45:06.0966 5476	SymIRON - ok
17:45:07.0059 5476	SYMTDIv         (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS
17:45:07.0075 5476	SYMTDIv - ok
17:45:07.0122 5476	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:45:07.0122 5476	Sym_hi - ok
17:45:07.0137 5476	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:45:07.0137 5476	Sym_u3 - ok
17:45:07.0184 5476	SynTP           (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
17:45:07.0184 5476	SynTP - ok
17:45:07.0247 5476	tap0901         (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
17:45:07.0247 5476	tap0901 - ok
17:45:07.0371 5476	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
17:45:07.0371 5476	Tcpip - ok
17:45:07.0527 5476	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
17:45:07.0543 5476	Tcpip6 - ok
17:45:07.0574 5476	tcpipBM         (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
17:45:07.0574 5476	tcpipBM - ok
17:45:07.0637 5476	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:45:07.0637 5476	tcpipreg - ok
17:45:07.0683 5476	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:45:07.0683 5476	TDPIPE - ok
17:45:07.0793 5476	tdrpman273      (431801fcc97034e04a6eff81136578d7) C:\Windows\system32\DRIVERS\tdrpm273.sys
17:45:07.0808 5476	tdrpman273 - ok
17:45:07.0871 5476	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:45:07.0871 5476	TDTCP - ok
17:45:07.0964 5476	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:45:07.0964 5476	tdx - ok
17:45:08.0011 5476	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:45:08.0011 5476	TermDD - ok
17:45:08.0120 5476	timounter       (a34d7024bb7140ec785c86bc065d4f60) C:\Windows\system32\DRIVERS\timntr.sys
17:45:08.0120 5476	timounter - ok
17:45:08.0198 5476	TotRec8         (f01029223ee59238ff193f66437d20d2) C:\Windows\system32\drivers\TotRec8.sys
17:45:08.0198 5476	TotRec8 - ok
17:45:08.0307 5476	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:45:08.0307 5476	tssecsrv - ok
17:45:08.0354 5476	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:45:08.0354 5476	tunmp - ok
17:45:08.0385 5476	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
17:45:08.0385 5476	tunnel - ok
17:45:08.0448 5476	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:45:08.0463 5476	uagp35 - ok
17:45:08.0510 5476	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:45:08.0526 5476	udfs - ok
17:45:08.0573 5476	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:45:08.0573 5476	uliagpkx - ok
17:45:08.0651 5476	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:45:08.0651 5476	uliahci - ok
17:45:08.0697 5476	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:45:08.0697 5476	UlSata - ok
17:45:08.0744 5476	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:45:08.0744 5476	ulsata2 - ok
17:45:08.0822 5476	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:45:08.0838 5476	umbus - ok
17:45:08.0900 5476	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:45:08.0900 5476	usbccgp - ok
17:45:08.0916 5476	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:45:08.0916 5476	usbcir - ok
17:45:08.0963 5476	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:45:08.0963 5476	usbehci - ok
17:45:09.0041 5476	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:45:09.0056 5476	usbhub - ok
17:45:09.0072 5476	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:45:09.0072 5476	usbohci - ok
17:45:09.0134 5476	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:45:09.0134 5476	usbprint - ok
17:45:09.0165 5476	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:45:09.0165 5476	USBSTOR - ok
17:45:09.0197 5476	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:45:09.0197 5476	usbuhci - ok
17:45:09.0228 5476	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:45:09.0228 5476	usbvideo - ok
17:45:09.0290 5476	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:45:09.0290 5476	vga - ok
17:45:09.0337 5476	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:45:09.0337 5476	VgaSave - ok
17:45:09.0384 5476	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:45:09.0384 5476	viaagp - ok
17:45:09.0446 5476	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:45:09.0446 5476	ViaC7 - ok
17:45:09.0462 5476	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:45:09.0462 5476	viaide - ok
17:45:09.0493 5476	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:45:09.0493 5476	volmgr - ok
17:45:09.0587 5476	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:45:09.0587 5476	volmgrx - ok
17:45:09.0680 5476	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:45:09.0680 5476	volsnap - ok
17:45:09.0711 5476	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:45:09.0711 5476	vsmraid - ok
17:45:09.0743 5476	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:45:09.0743 5476	WacomPen - ok
17:45:09.0774 5476	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:45:09.0774 5476	Wanarp - ok
17:45:09.0789 5476	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:45:09.0789 5476	Wanarpv6 - ok
17:45:09.0805 5476	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:45:09.0805 5476	Wd - ok
17:45:09.0914 5476	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:45:09.0914 5476	Wdf01000 - ok
17:45:10.0086 5476	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:45:10.0086 5476	WmiAcpi - ok
17:45:10.0164 5476	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:45:10.0164 5476	ws2ifsl - ok
17:45:10.0211 5476	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:45:10.0211 5476	WUDFRd - ok
17:45:10.0273 5476	X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
17:45:10.0273 5476	X10Hid - ok
17:45:10.0320 5476	XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
17:45:10.0320 5476	XUIF - ok
17:45:10.0367 5476	YMIDUSBW        (7302d07c824fa6865c648b1c9864e290) C:\Windows\system32\drivers\ymidusbw.sys
17:45:10.0367 5476	YMIDUSBW - ok
17:45:10.0460 5476	ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
17:45:10.0460 5476	ZTEusbmdm6k - ok
17:45:10.0491 5476	ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
17:45:10.0491 5476	ZTEusbnmea - ok
17:45:10.0569 5476	ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
17:45:10.0569 5476	ZTEusbser6k - ok
17:45:10.0601 5476	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:45:10.0601 5476	\Device\Harddisk0\DR0 - ok
17:45:10.0694 5476	Boot (0x1200)   (9b23e265281d453a000c5e021bd51e4a) \Device\Harddisk0\DR0\Partition0
17:45:10.0694 5476	\Device\Harddisk0\DR0\Partition0 - ok
17:45:10.0694 5476	Boot (0x1200)   (5c879512a4187b13c56340f1c0293e15) \Device\Harddisk0\DR0\Partition1
17:45:10.0694 5476	\Device\Harddisk0\DR0\Partition1 - ok
17:45:10.0694 5476	============================================================
17:45:10.0694 5476	Scan finished
17:45:10.0694 5476	============================================================
17:45:10.0710 5116	Detected object count: 0
17:45:10.0710 5116	Actual detected object count: 0

26.09.2011, 11:27	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus gefuden, wie löschen? Ja pber ein Live-System ist das Sichern der Daten immer eine gute Wahl. Willst du dann weitermach oder formatieren und neu installieren? __________________ Logfiles bitte immer in CODE-Tags posten

Virus gefuden, wie löschen?

Plagegeister aller Art und deren Bekämpfung: Virus gefuden, wie löschen?