alles began mit Win 7 security 2012

Martin_Oskar · 02.01.2012, 17:17

Hallo liebe Forengemeinde,

alles fing zu Weihnachten mit "Win 7 Security 2012" Befall an. Konnte mir mit dem Opera Browser Hilfe holen und unseren PC wieder zum Laufen bringen. Seit her bin ich skeptisch was die Sauberkeit des Systems anbelangt und habe daher heute von Avira auf Avast gewechselt. Das Scanergebnis ist im Anhang zu sehen.
Danach hab ich dann noch mit E-Scan einen Check gemacht. Auch poitiv angeschlagen.

Naja, und jetzt steh ich ehrlich gesagt an und möchte um eure Hilfe bitten.
Hab mit Defogger gestartet und dann OTL. Die Scan - Ergebnisse sind angehängt.

Gmer darf ich ja nicht einsetzen, da ein 64 Bitsystem bei mir läuft. (Win 7)

Ich bedanke mich schon vorab für eure Hilfe.

Viele Grüße,
Martin.

cosinus · 03.01.2012, 21:26

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Martin_Oskar · 03.01.2012, 23:00

Guten Abend Cosinus,

okay mach ich, sobald ich Zeit hab.
Zum Scan mit Malwarebytes: im abgesicherten Modus oder Win normal gestartet?
Und dann für den ESET die gleiche Frage?

Viele Grüße,
Martin.

cosinus · 04.01.2012, 17:52

Nach Möglichkeit immer den normalen Modus verwenden

Martin_Oskar · 04.01.2012, 22:49

Guten Abend Cosinus,

hat ein wenig gedauert, tagsüber waren wir nicht da.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122204

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.12.2011 21:13:49
mbam-log-2011-12-22 (21-13-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177138
Laufzeit: 3 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Visicom Media (Adware.KeenValue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cassiopeia :: CASSIOPEIA-PC [Administrator]

04.01.2012 17:27:11
mbam-log-2012-01-04 (18-14-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349769
Laufzeit: 47 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Visicom Media (Adware.KeenValue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fd2a7e85adbef649961d6465ee96c84a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 08:12:24
# local_time=2012-01-04 09:12:24 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2049 16777214 0 5 978483 978483 0 0
# compatibility_mode=5893 16776574 100 94 1038798 77327414 0 0
# compatibility_mode=8192 67108863 100 0 1038977 1038977 0 0
# scanned=181644
# found=3
# cleaned=0
# scan_time=10380
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-04-03 170207\Backup files 11.zip	a variant of Win32/SlowPCfighter application (unable to clean)	00000000000000000000000000000000	I
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-04-03 170207\Backup files 9.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-05-22 160000\Backup files 1.zip	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I

Viele Grüße,
Martin.

cosinus · 05.01.2012, 10:06

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Martin_Oskar · 05.01.2012, 10:38

Bitte sehr Cosinus,

das kam dabei raus.

Code:

ATTFilter

OTL logfile created on: 05.01.2012 10:25:32 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Cassiopeia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,03% Memory free
7,99 Gb Paging File | 6,64 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 344,99 Gb Free Space | 74,09% Space Free | Partition Type: NTFS
Drive F: | 457,95 Gb Total Space | 101,57 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
 
Computer Name: CASSIOPEIA-PC | User Name: Cassiopeia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.24 14:29:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cassiopeia\Desktop\OTL.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.11.04 16:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.10.03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.24 19:29:04 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:64bit: - [2010.08.24 19:29:04 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:64bit: - [2010.08.24 19:29:04 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:64bit: - [2010.08.16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010.08.16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010.08.11 17:37:38 | 000,150,120 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMLiteUSB.sys -- (VMLiteUSB)
DRV:64bit: - [2009.12.02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.04 17:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.04.16 19:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.02 13:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.18 21:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.15 22:06:41 | 000,000,000 | ---D | M]
 
[2010.09.16 20:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Extensions
[2010.08.25 19:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.22 21:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Firefox\Profiles\z5rgx61s.default\extensions
[2011.11.02 12:48:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Firefox\Profiles\z5rgx61s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.22 21:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.10 16:47:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 19:41:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 17:13:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.14 21:41:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.18 21:48:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.18 21:48:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.18 21:48:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.18 21:48:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.18 21:48:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.02 15:23:58 | 000,000,736 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9E4593-4E2F-405E-8380-37F8AAFDCC2B}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro35 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SMR250 - Service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SMR250 - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: AutorunsDisabled - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled - 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.05 10:19:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cassiopeia\Desktop\OTL.exe
[2012.01.04 23:11:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012.01.02 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2012.01.02 10:38:50 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.01.02 10:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.01.02 10:38:49 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.01.02 10:38:43 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.01.02 10:38:42 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.01.02 10:38:42 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.01.02 10:38:40 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.01.02 10:38:40 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.01.02 10:38:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.01.02 10:38:28 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.02 10:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.01.02 10:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.01.01 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Process Hacker 2
[2012.01.01 22:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012.01.01 22:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011.12.31 16:19:19 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011.12.31 16:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011.12.29 20:11:49 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.29 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.12.29 10:26:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.12.28 19:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ftp-uploader
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2011.12.28 18:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\amaya
[2011.12.28 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\Documents\TagsRevisited
[2011.12.27 12:26:16 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\XMedia Recode
[2011.12.26 11:12:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:08:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.26 11:02:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.26 11:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 11:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.12.26 10:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.26 10:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Simple Adblock
[2011.12.24 19:02:41 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Local\NPE
[2011.12.24 19:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.24 15:02:11 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011.12.24 12:57:15 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.24 12:57:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.24 12:57:15 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.24 12:56:04 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.24 12:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.23 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\BitDefender
[2011.12.23 20:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2011.12.23 20:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011.12.23 20:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011.12.23 20:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender
[2011.12.23 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2011.12.23 18:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.22 22:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2011.12.22 22:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.22 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.22 22:29:36 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.22 22:24:43 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011.12.22 22:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.12.22 22:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.22 22:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.22 22:23:42 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\TestApp
[2011.12.22 22:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011.12.22 22:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.22 21:08:10 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Malwarebytes
[2011.12.22 21:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.22 21:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.22 21:06:21 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.22 21:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.18 12:13:48 | 000,581,632 | ---- | C] (Joshua F. Madison) -- C:\Program Files (x86)\convert.exe
[2010.09.01 07:32:02 | 000,573,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2010.09.01 07:32:02 | 000,294,688 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2010.09.01 07:32:00 | 000,421,160 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2010.09.01 07:31:58 | 000,387,368 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2010.09.01 07:31:58 | 000,173,344 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2010.09.01 07:31:54 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2010.09.01 07:31:52 | 018,658,592 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2010.09.01 07:31:50 | 000,726,304 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2010.09.01 07:31:50 | 000,259,360 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2010.09.01 07:31:50 | 000,197,920 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2010.09.01 07:31:50 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 10:02:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.05 09:53:16 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 09:53:16 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 09:50:26 | 001,621,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.05 09:50:26 | 000,700,130 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.05 09:50:26 | 000,654,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.05 09:50:26 | 000,148,926 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.05 09:50:26 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.05 09:45:57 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.05 09:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 09:45:38 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.04 23:23:45 | 001,597,362 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.04 20:55:31 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.03 19:04:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.01.03 18:50:07 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.01.02 22:19:42 | 000,377,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.02 16:34:35 | 000,000,000 | ---- | M] () -- C:\Users\Cassiopeia\defogger_reenable
[2012.01.02 16:17:21 | 000,211,454 | ---- | M] () -- C:\Users\Cassiopeia\Documents\pinfect.zip
[2012.01.02 15:23:58 | 000,000,736 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.01.02 15:22:28 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.30 10:35:04 | 000,001,470 | ---- | M] () -- C:\Users\Cassiopeia\gsview64.ini
[2011.12.29 22:31:42 | 000,439,132 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.15868362
[2011.12.29 20:11:49 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.29 17:13:52 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2011.12.29 16:50:18 | 453,508,805 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.27 11:21:24 | 000,000,244 | ---- | M] () -- C:\Users\Cassiopeia\.swfinfo
[2011.12.26 11:06:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2011.12.24 15:02:11 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011.12.24 14:29:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cassiopeia\Desktop\OTL.exe
[2011.12.24 12:58:03 | 018,745,487 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2011.12.24 12:56:03 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.24 10:30:44 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2011.12.24 10:30:18 | 000,000,363 | ---- | M] () -- C:\Windows\SysNative\BDUpdateV1.xml
[2011.12.24 09:46:59 | 000,000,850 | ---- | M] () -- C:\Windows\SysNative\ProductTweaks.xml
[2011.12.24 09:46:59 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2011.12.22 22:29:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.22 22:25:34 | 001,966,834 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.12.22 22:20:39 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.22 20:29:41 | 000,010,518 | -HS- | M] () -- C:\Users\Cassiopeia\AppData\Local\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.22 20:29:41 | 000,010,518 | -HS- | M] () -- C:\ProgramData\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.03 18:17:52 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.01.02 16:34:35 | 000,000,000 | ---- | C] () -- C:\Users\Cassiopeia\defogger_reenable
[2012.01.02 10:38:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.12.29 16:50:18 | 453,508,805 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.27 11:21:24 | 000,000,244 | ---- | C] () -- C:\Users\Cassiopeia\.swfinfo
[2011.12.26 11:02:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.26 11:02:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.26 11:02:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.26 11:02:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.26 11:02:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.24 15:00:57 | 000,211,454 | ---- | C] () -- C:\Users\Cassiopeia\Documents\pinfect.zip
[2011.12.24 12:57:16 | 018,745,487 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2011.12.24 12:56:27 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.24 10:29:42 | 000,000,363 | ---- | C] () -- C:\Windows\SysNative\BDUpdateV1.xml
[2011.12.24 09:59:36 | 000,081,984 | ---- | C] () -- C:\Windows\SysNative\bdod.bin
[2011.12.24 09:46:59 | 000,000,850 | ---- | C] () -- C:\Windows\SysNative\ProductTweaks.xml
[2011.12.24 09:46:59 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2011.12.22 22:24:47 | 001,966,834 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.12.22 22:20:39 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.22 20:14:12 | 000,010,518 | -HS- | C] () -- C:\Users\Cassiopeia\AppData\Local\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.22 20:14:12 | 000,010,518 | -HS- | C] () -- C:\ProgramData\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.10.29 09:13:55 | 000,000,000 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Local\{17C31DA2-6021-4613-97E5-6A47257A8935}
[2011.05.21 19:12:27 | 000,000,549 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.24 20:12:14 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2011.01.15 13:47:55 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010.12.18 12:14:26 | 000,001,158 | ---- | C] () -- C:\Program Files (x86)\convert - Verknüpfung.lnk
[2010.10.04 19:54:49 | 000,000,038 | ---- | C] () -- C:\Windows\pbMv.INI
[2010.09.25 19:16:47 | 000,000,052 | ---- | C] () -- C:\Windows\Pex.INI
[2010.09.25 19:08:49 | 000,000,322 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010.09.24 21:00:39 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.24 19:15:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.09.22 18:43:49 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010.09.22 18:43:49 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.09.16 20:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.03 18:08:15 | 000,000,000 | ---- | C] () -- C:\Windows\acehtml6.ini
[2010.08.28 21:36:08 | 000,005,120 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 19:05:56 | 001,597,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.25 23:42:34 | 000,000,760 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Roaming\setup_ldm.iss
[2010.08.25 18:08:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.25 18:08:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DDCF76E620.sys
[2010.08.25 17:34:32 | 000,014,848 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Roaming\Settings.cfg
[2010.08.24 21:25:15 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.24 19:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.23 02:13:22 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.02 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Autodesk
[2011.12.23 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\BitDefender
[2011.01.15 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Broad Intelligence
[2010.09.24 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Canneverbe Limited
[2010.09.23 18:15:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware
[2011.11.12 20:08:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\dvdisaster
[2011.10.23 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoft
[2011.10.23 17:52:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Dynamic
[2011.11.12 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EAC
[2010.08.25 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EmailNotifier
[2011.01.18 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\flightgear.org
[2010.10.23 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\FreeFLVConverter
[2010.09.24 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\GlarySoft
[2011.05.03 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\gom
[2011.08.26 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hex-Rays
[2010.09.26 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hornil
[2011.11.02 12:48:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\IrfanView
[2011.08.21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Jens Lorek
[2011.11.03 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Leadertech
[2011.03.24 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MakeMusic
[2010.12.19 10:15:08 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mirkes.de
[2010.08.24 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mquadr.at
[2011.03.24 22:07:04 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MusE
[2010.08.25 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\OpenOffice.org
[2010.09.16 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Opera
[2010.09.18 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoFiltre
[2011.12.31 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoLine
[2012.01.01 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Process Hacker 2
[2011.05.21 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\ScanSoft
[2010.08.31 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SiteClasses
[2010.08.31 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Sites
[2010.08.27 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SoftGrid Client
[2011.01.15 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TeamViewer
[2011.12.22 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TestApp
[2010.10.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TubeBox
[2011.03.03 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\uk.co.planetside
[2010.08.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Visicom Media
[2011.10.23 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Xilisoft
[2011.01.15 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\XMedia Recode
[2011.11.30 17:14:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.12 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\AccurateRip
[2011.05.08 10:20:46 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Adobe
[2010.09.05 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Apple Computer
[2010.08.24 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\ATI
[2012.01.02 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Autodesk
[2011.05.09 21:04:48 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\AVS4YOU
[2011.12.23 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\BitDefender
[2011.01.15 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Broad Intelligence
[2010.09.24 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Canneverbe Limited
[2010.09.23 18:15:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware
[2010.08.25 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Corel
[2011.11.12 20:08:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\dvdisaster
[2011.10.23 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoft
[2011.10.23 17:52:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Dynamic
[2011.11.12 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EAC
[2010.08.25 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EmailNotifier
[2011.01.18 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\flightgear.org
[2010.10.23 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\FreeFLVConverter
[2010.09.24 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\GlarySoft
[2011.05.03 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\gom
[2010.12.15 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Google
[2011.08.26 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hex-Rays
[2010.09.26 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hornil
[2010.08.24 19:17:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Identities
[2010.08.25 23:38:20 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\InstallShield
[2011.11.02 12:48:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\IrfanView
[2011.08.21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Jens Lorek
[2011.11.03 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Leadertech
[2010.08.25 23:42:05 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Logitech
[2010.08.24 20:30:59 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Macromedia
[2011.03.24 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MakeMusic
[2011.12.22 21:08:10 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Media Center Programs
[2011.05.21 19:17:28 | 000,000,000 | --SD | M] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft
[2010.12.19 10:15:08 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mirkes.de
[2010.09.16 20:08:56 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Mozilla
[2010.08.24 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mquadr.at
[2011.03.24 22:07:04 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MusE
[2010.08.25 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\OpenOffice.org
[2010.09.16 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Opera
[2010.09.18 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoFiltre
[2011.12.31 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoLine
[2012.01.01 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Process Hacker 2
[2010.12.22 18:34:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PSpad
[2010.08.25 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Real
[2011.05.21 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\ScanSoft
[2010.08.31 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SiteClasses
[2010.08.31 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Sites
[2010.08.27 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SoftGrid Client
[2011.01.15 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TeamViewer
[2011.12.22 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TestApp
[2010.10.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TubeBox
[2011.03.03 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\uk.co.planetside
[2010.08.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Visicom Media
[2011.12.01 09:45:06 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\vlc
[2011.10.23 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Xilisoft
[2011.01.15 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2009.11.06 06:04:40 | 010,377,728 | ---- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 11:35:18 | 007,945,216 | ---- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2011.12.28 19:19:23 | 000,010,134 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.12.28 19:19:23 | 000,000,766 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2011.01.31 18:12:23 | 000,034,494 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe
[2010.10.02 17:28:45 | 000,034,494 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2010.11.21 15:59:31 | 000,034,494 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2010.08.28 16:53:20 | 000,010,134 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{93F22EEC-DAD6-1D0D-E208-03FDA1B58F01}\ARPPRODUCTICON.exe
[2011.11.03 18:21:55 | 000,010,134 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 893 bytes -> C:\Users\Cassiopeia\Documents\51D10EAC-00000EE3.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Viele Grüße,
Martin.

Martin_Oskar · 05.01.2012, 10:40

Sorry doppelt

Martin_Oskar · 05.01.2012, 11:01

Hallo Cosinus,

mir erscheint das hier dubios.

Code:

ATTFilter

[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

cosinus · 05.01.2012, 11:23

Zitat:

C:\TDSSKiller_Quarantine
C:\Qoobox

Du führst den TDSS-Killer und Combofix auf eigene Faust (ohne Anweisung) vorher schon aus und verlierst kein Wort drüber? Warum machst du das?
Gerade TDSS-Killer und CF sind keine Spielzeuge!

Zitat:

mir erscheint das hier dubios.

Das kommt von Combofix. Siehe oben. Sowas startet man nicht mal eben einfach so!

Martin_Oskar · 05.01.2012, 14:54

Hallo Cosinus,

Zitat:

Zitat von cosinus

Du führst den TDSS-Killer und Combofix auf eigene Faust (ohne Anweisung) vorher schon aus und verlierst kein Wort drüber?

Nichts für ungut, aber in den Logfiles im Eröffnungspost wär bereits alles schon zu lesen gewesen.

Zitat:

Warum machst du das?

Weil ich ein verunreinigtes System hatte und das Datum belegt, dass das vor dem ersten Post stattgefunden hat.
Aber ich denke meinem System wäre mehr geholfen, wenn wir beide sachlich bleiben und die eventuell noch offenen Probleme bereinigen, meinst du nicht auch?

Viele Grüße,
Martin.

cosinus · 05.01.2012, 15:44

Zitat:

nichts für ungut, aber in den Logfiles im Eröffnungspost wär bereits alles schon zu lesen gewesen.

Nö, nichts zu sehen. Weder von CF noch vom TDSS.
Zeig mir die Textstelle wo du diese beiden Tools deutlich erwähnst.
Mich ärgert es leider immer wieder, dass hier trotz zahlreicher Hinweise CF ausgeführt wird. Dann wird es nicht oder nur am Rande erwähnt und der Helfer muss sich mühsam in kleinen Puzzleteilen alle Infos erfragen und dabei immer wieder die gleichen Hinweise posten obwohl hier alles schon steht.

Zitat:

Aber ich denke meinem System wäre mehr geholfen,

Allen wäre mehr geholfen, wenn man ALLE INFOS klar und deutlich mal ansagen würde und vorher auch alle Hinweise vernünftig liest!
Du hast ein Problem und willst das verständlicherweise auch gelöst haben, aber etwas weniger Egozentrik wäre besser. Damit hilfst du letzenendes nicht du dir, sondern auch uns Helfern und allen anderen die die Strang lesen und ähnliche Probleme haben!

Martin_Oskar · 05.01.2012, 15:55

Hallo Cosinus,

das ist auszugsweise der Inhalt vom OTL.zip aus dem Eröffnungspost.

Code:

ATTFilter

OTL logfile created on: 02.01.2012 16:41:06 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Cassiopeia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,06% Memory free
7,99 Gb Paging File | 6,36 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

................

C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.29 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.12.29 10:26:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.12.28 19:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ftp-uploader
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2011.12.28 19:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webocton - Scriptly
[2011.12.28 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Webocton - Scriptly
[2011.12.28 19:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webocton - Scriptly
[2011.12.28 18:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\amaya
[2011.12.28 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\Documents\TagsRevisited
[2011.12.27 12:26:16 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\XMedia Recode
[2011.12.26 11:12:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:08:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.26 11:02:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.26 11:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 11:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 10:55:11 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Cassiopeia\Desktop\ComboFix.exe
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group


..........


========== Alternate Data Streams ==========
 
@Alternate Data Stream - 893 bytes -> C:\Users\Cassiopeia\Documents\51D10EAC-00000EE3.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

cosinus · 05.01.2012, 16:04

Ach, da wär ich nicht drauf gekommen, dass die Infos im Log stehen

Was meinst du woher ich das wusste, dass du schon diese Tools ausgeführt hast. Selbst erwähnt hast du es ja nicht, aber klar und deutlich steht es im Log

Ne klar und deutlich erwähnen ist was anders, zudem ist im OTL-Log nur der Hinweis dass du diese Tools ausgeführt hast. Die Logs von diesen Tools hast du nicht gepostet

Martin_Oskar · 05.01.2012, 16:32

Okay Cosinus,

wir kennen uns halt nicht. Ich bin eher der Mensch, der weniger redet und die Fakten (Log files) auf den Tisch legt. Ihr habt genug zu tun.

Das sind die zwei aus Quoobox.

Code:

ATTFilter

 Update for Microsoft Office 2007 (KB2508958)
AceFTP 3 Pro
AceHTML Freeware
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7 - Deutsch
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Ahead NeroMediaPlayer
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD DnD V1.0.19
aonFTP
aonUpdate
Apple Application Support
Apple Software Update
Autodesk Design Review 2012
Autodesk Design Review Browser Add-on v1.2 
Avira Free Antivirus
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP4800 series Benutzerregistrierung
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Controller
Corel WinDVD 9
CSS Tab Designer v2.0
erLT
ESET Online Scanner v3
Flugschule Bregenzerwald ParaTrainer 4.10
Free FLV Converter V 6.93.0
Free YouTube Download version 3.0.16.923
Google Earth
Google SketchUp 8
Google Update Helper
Highspeed-Internet-Installation
HydraVision
IDA Pro Free v5.0
IrfanView (remove only)
Juice
LG USB Modem driver
Logitech SetPoint
Mahjong Champ
MailStore Home 4.1.0.4598
Malwarebytes' Anti-Malware Version 1.51.2.1300
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 5.2
mirkes.de Tiny Hexer
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.0 MuseScore score typesetter
OmniPage SE
OpenOffice.org 3.2
Opera 11.11
pdfsam
PhotoLine 32, Version 12.51
PSPad editor
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
RunAlyzer
Runtime 8.0 Libraries
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Simple Adblock
Spybot - Search & Destroy
Terragen
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Outlook 2007 Junk Email Filter (KB2596560)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
XMedia Recode 2.3.0.2

Code:

ATTFilter

2011-12-26 10:12:03 . 2011-12-26 10:12:03              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-AceFTP 3 Pro.reg.dat
2011-12-26 10:11:45 . 2011-12-26 10:11:45              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987}.reg.dat
2011-12-26 10:11:39 . 2011-12-26 10:11:39              466 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-LBTWlgn.reg.dat
2011-12-26 10:05:20 . 2011-12-26 10:05:20            3,917 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-26 10:02:26 . 2011-12-26 10:02:26               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2011-12-26 09:39:44 . 2011-12-26 09:39:44          262,144 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir
2011-05-12 18:17:29 . 2011-03-23 12:24:21            5,529 ----a-w-  C:\Qoobox\Quarantine\C\Users\Cassiopeia\AppData\Roaming\Mozilla\Firefox\Profiles\z5rgx61s.default\searchplugins\SearchquWebSearch.xml.vir
2011-05-12 18:17:29 . 2011-03-23 12:24:21            5,529 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml.vir
2010-08-31 19:11:06 . 2010-12-06 18:17:26          737,280 ----a-w-  C:\Qoobox\Quarantine\C\Windows\iun6002.exe.vir
2010-08-31 15:39:04 . 2010-07-07 05:55:10              545 ----a-w-  C:\Qoobox\Quarantine\C\Windows\pkzip.pif.vir
2010-08-31 15:39:04 . 2010-07-07 05:55:10              545 ----a-w-  C:\Qoobox\Quarantine\C\Windows\pkunzip.pif.vir

Es gäb auch noch einen SnapShot, was immer das auch ist. Möchtest du das auch sehen?

TDSS-Killer

Code:

ATTFilter

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic

Code:

ATTFilter

[InfectedObject]
Type: Service
Name: StarOpen
Type: File system driver (0x2)
Start: Demand (0x3)

Code:

ATTFilter

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\drivers\StarOpen.sys
md5: e57b778208c783d8debab320c16a1b82

Viele Grüße,
Martin.

04.01.2012, 17:52	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	alles began mit Win 7 security 2012 Nach Möglichkeit immer den normalen Modus verwenden __________________ Logfiles bitte immer in CODE-Tags posten

alles began mit Win 7 security 2012

Plagegeister aller Art und deren Bekämpfung: alles began mit Win 7 security 2012