
Log analysis and evaluation: Antivir raises an alert - HTML/Infected.WebPage.Gen2

04.01.2012, 23:23   #1
T0bbes
 
Hello,

after I had looked at a few websites on the Internet today, Antivir reported that a "virus/malware" named "HTML/Infected.WebPage.Gen2" had been found. Unfortunately, I cannot delete or otherwise treat the affected file. Every time I try, another detection is reported...

I have run Defogger. OTL as well.
Attached are the two log files from OTL. I did not know whether you want the minimal or the standard output. Here is the minimal output. In the attachment you will find both Extra.txt files.

OTL logfile created on: 04.01.2012 22:59:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,24% Memory free
7,83 Gb Paging File | 6,06 Gb Available in Paging File | 77,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,35 Gb Total Space | 98,98 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive D: | 245,41 Gb Total Space | 243,55 Gb Free Space | 99,25% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programme\components [2011.11.09 19:49:31 | 000,000,000 | ---D | M]

[2011.11.09 19:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.11.26 11:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\744umwrd.default\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\744UMWRD.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\744UMWRD.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DDC1E5D-1942-4EE2-8FD9-A7001AEDC43C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.04 22:34:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.03 23:46:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6259F1CE-8B9D-4FB8-B28C-7C45A5A0DAB2}
[2012.01.03 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{84366776-CB72-404F-BA36-12F5EBB00BC3}
[2011.12.29 13:11:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Stefan-Haus
[2011.12.29 12:22:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.12.29 12:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011.12.29 12:18:01 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011.12.29 12:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011.12.29 01:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.12.29 00:23:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0B045DA6-21E2-493B-B484-9314945F14F0}
[2011.12.29 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E0D8C140-31DE-462B-A905-EBB7E47E6BB4}
[2011.12.24 15:08:02 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Meine empfangenen Dateien
[2011.12.24 15:05:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{481C9EFD-1AA3-47D4-AB49-4F6C622E59E2}
[2011.12.24 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1E544813-5BFE-4228-877A-2C82E94CBC9F}
[2011.12.21 21:36:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.21 21:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011.12.21 20:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.12.21 01:18:28 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2011.12.21 01:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011.12.21 01:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011.12.21 01:07:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2011.12.21 00:33:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.21 00:33:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011.12.21 00:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.12.21 00:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.12.21 00:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011.12.21 00:32:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TP
[2011.12.20 18:52:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF4092B4-F6E1-49C0-9B9B-3999EAA093D8}
[2011.12.20 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{13A5C79A-4E89-469A-8311-BC77FC5F316D}
[2011.12.19 01:17:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4F965899-3BCC-4491-8443-BE785A228C9A}
[2011.12.19 01:16:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA39DBEC-7AAD-4A62-B8DF-FBAB028FA748}
[2011.12.17 20:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011.12.17 20:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011.12.17 19:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011.12.17 19:27:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011.12.17 18:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011.12.17 18:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.12.17 16:49:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Facebook
[2011.12.15 08:18:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{31166476-68BE-4BFC-A44F-6D12036EE24D}
[2011.12.15 08:18:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{733B75D1-E2A2-4E2C-ADC8-FFDA57927CA6}
[2011.12.14 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{105D7331-0546-4B58-8A25-67259E1F68DA}
[2011.12.14 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{52C2A01D-3DE4-4F91-BB86-4BE1777BF47B}
[2011.12.14 20:07:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{535EE5E5-FAD4-424A-99B3-23BCE6ACE51E}
[2011.12.14 20:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EAB87C72-FED8-405B-887B-AF0050E99167}
[2011.12.12 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bonita Open Solution
[2011.12.12 23:58:01 | 000,000,000 | ---D | C] -- C:\BOS-5.6
[2011.12.11 23:56:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Unity
[2011.12.10 20:20:09 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.12.10 20:20:09 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.12.10 20:19:16 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.12.10 20:19:15 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.12.10 20:19:14 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.12.10 20:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.12.10 20:19:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.12.10 20:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011.12.10 20:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.10 20:17:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.09 17:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{592ED191-0BA5-4ACB-B2D4-4982AE1B3C30}
[2011.12.09 17:53:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{684AD8D1-FCFE-4950-9647-87C66BA1BB10}
[2011.12.08 18:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.12.08 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Electronic_Arts_Inc
[2011.12.08 17:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2011.12.08 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B9FE3966-3E8E-4DCA-A731-7DF2DCA87678}

========== Files - Modified Within 30 Days ==========

[2012.01.04 22:47:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 22:47:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.04 22:39:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.04 22:38:53 | 3152,130,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.04 22:38:14 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.04 22:34:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.04 22:33:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.02 19:03:12 | 000,097,686 | ---- | M] () -- C:\Users\***\Desktop\Lamborghini_Aventador_LP700_4.jpg
[2012.01.02 18:52:52 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.12.29 12:28:18 | 1073,741,824 | ---- | M] () -- D:\Eigene Dokumente\tc.tc
[2011.12.29 12:18:04 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011.12.29 12:18:01 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011.12.28 00:04:27 | 008,658,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.28 00:04:27 | 000,706,286 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011.12.28 00:04:27 | 000,705,310 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011.12.28 00:04:27 | 000,703,048 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2011.12.28 00:04:27 | 000,700,964 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011.12.28 00:04:27 | 000,691,198 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011.12.28 00:04:27 | 000,687,814 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2011.12.28 00:04:27 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.28 00:04:27 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.28 00:04:27 | 000,563,626 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2011.12.28 00:04:27 | 000,446,342 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2011.12.28 00:04:27 | 000,397,176 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011.12.28 00:04:27 | 000,365,378 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2011.12.28 00:04:27 | 000,141,000 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011.12.28 00:04:27 | 000,137,690 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011.12.28 00:04:27 | 000,136,878 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2011.12.28 00:04:27 | 000,136,454 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2011.12.28 00:04:27 | 000,134,078 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011.12.28 00:04:27 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.28 00:04:27 | 000,131,082 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011.12.28 00:04:27 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011.12.28 00:04:27 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.28 00:04:27 | 000,093,374 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2011.12.28 00:04:27 | 000,082,922 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2011.12.28 00:04:27 | 000,073,032 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2011.12.27 22:22:45 | 000,002,072 | ---- | M] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.12.27 22:22:45 | 000,002,001 | ---- | M] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2011.12.21 21:36:31 | 008,766,422 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.21 01:23:54 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf07a.dat
[2011.12.18 15:35:53 | 000,001,476 | ---- | M] () -- C:\Users\***\Desktop\Wow - Verknüpfung.lnk
[2011.12.17 19:29:29 | 000,001,338 | ---- | M] () -- C:\Users\***\Desktop\World of Warcraft-Installationsprogramm.lnk
[2011.12.17 16:57:31 | 000,002,180 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.12.17 13:58:17 | 000,275,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.12 23:59:18 | 000,000,529 | ---- | M] () -- C:\Users\***\Desktop\BOS-5.6.lnk
[2011.12.10 20:36:00 | 000,001,381 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.12.08 17:56:44 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.12.08 17:56:22 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.12.08 17:56:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.12.08 17:56:22 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.12.08 17:56:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.12.08 13:01:32 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2012.01.04 22:38:14 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.04 22:33:21 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.02 19:03:06 | 000,097,686 | ---- | C] () -- C:\Users\***\Desktop\Lamborghini_Aventador_LP700_4.jpg
[2011.12.29 12:27:57 | 1073,741,824 | ---- | C] () -- D:\Eigene Dokumente\tc.tc
[2011.12.29 12:18:04 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011.12.27 22:22:45 | 000,002,072 | ---- | C] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.12.27 22:22:45 | 000,002,001 | ---- | C] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2011.12.21 01:18:42 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf07a.dat
[2011.12.21 00:32:58 | 008,766,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.18 15:35:53 | 000,001,476 | ---- | C] () -- C:\Users\***\Desktop\Wow - Verknüpfung.lnk
[2011.12.17 19:29:29 | 000,001,338 | ---- | C] () -- C:\Users\***\Desktop\World of Warcraft-Installationsprogramm.lnk
[2011.12.12 23:59:18 | 000,000,529 | ---- | C] () -- C:\Users\***\Desktop\BOS-5.6.lnk
[2011.12.10 20:19:12 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.10 21:13:53 | 000,007,607 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.11.10 03:09:35 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.11.10 03:09:31 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.11.10 03:09:31 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.11.10 03:01:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== LOP Check ==========

[2011.12.10 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.09 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2011.12.08 18:20:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.11.10 20:37:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.01.04 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.19 11:44:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin
[2011.11.09 20:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.11.15 23:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.11.12 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2011.12.21 01:25:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.21 00:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.12.29 12:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.12.10 20:19:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.11.10 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2009.07.14 06:08:49 | 000,027,132 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.11.09 19:35:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.22 23:46:25 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011.04.13 03:49:40 | 000,000,000 | ---D | M] -- C:\AsusVibeData
[2009.07.29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.13 00:01:12 | 000,000,000 | ---D | M] -- C:\BOS-5.6
[2011.12.21 23:38:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.11.10 20:30:40 | 000,000,000 | ---D | M] -- C:\DAEMON Tools Lite
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.13 23:48:04 | 000,000,000 | ---D | M] -- C:\Eigene Dokumente
[2011.11.10 03:10:54 | 000,000,000 | ---D | M] -- C:\eSupport
[2011.11.10 03:02:52 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.10 03:06:00 | 000,000,000 | ---D | M] -- C:\NvidiaLogs
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.29 12:17:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.21 01:18:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.21 20:58:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.09 19:32:45 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.04 22:46:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.09 19:34:11 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.10 03:48:33 | 000,000,000 | ---D | M] -- C:\WIMAPPLY
[2011.12.21 01:24:28 | 000,000,000 | ---D | M] -- C:\Windows
[2011.11.26 12:37:36 | 000,000,000 | ---D | M] -- C:\xampp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: AFD.SYS >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:36 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 14:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028

< End of report >


I hope you can help me...
Thanks

Alt 05.01.2012, 12:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That information is not enough; please post the complete details/logs from the virus scanners.

Alt 07.01.2012, 14:39   #3
T0bbes
 
Hello, and sorry for the late reply.
Here is the report for the detection:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 4. Januar 2012  00:26

Es wird nach 3000859 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***

Versionsinformationen:
BUILD.DAT      : 12.0.0.872     41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  19.10.2011 15:55:49
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  19.10.2011 15:56:10
LUKE.DLL       : 12.1.0.17      68304 Bytes  19.10.2011 15:55:59
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  08.12.2011 12:01:32
AVREG.DLL      : 12.1.0.27     227536 Bytes  09.12.2011 16:46:59
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 18:14:10
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 18:14:10
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 18:14:10
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 18:14:10
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 18:14:10
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 18:14:10
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 18:14:10
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 18:14:10
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 18:14:10
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 18:14:10
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 18:14:10
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 18:20:27
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 00:38:48
VBASE015.VDF   : 7.11.20.29    164352 Bytes  27.12.2011 13:53:06
VBASE016.VDF   : 7.11.20.70    180224 Bytes  29.12.2011 20:18:37
VBASE017.VDF   : 7.11.20.71      2048 Bytes  29.12.2011 20:18:37
VBASE018.VDF   : 7.11.20.72      2048 Bytes  29.12.2011 20:18:37
VBASE019.VDF   : 7.11.20.73      2048 Bytes  29.12.2011 20:18:37
VBASE020.VDF   : 7.11.20.74      2048 Bytes  29.12.2011 20:18:37
VBASE021.VDF   : 7.11.20.75      2048 Bytes  29.12.2011 20:18:37
VBASE022.VDF   : 7.11.20.76      2048 Bytes  29.12.2011 20:18:38
VBASE023.VDF   : 7.11.20.77      2048 Bytes  29.12.2011 20:18:38
VBASE024.VDF   : 7.11.20.78      2048 Bytes  29.12.2011 20:18:38
VBASE025.VDF   : 7.11.20.79      2048 Bytes  29.12.2011 20:18:38
VBASE026.VDF   : 7.11.20.80      2048 Bytes  29.12.2011 20:18:38
VBASE027.VDF   : 7.11.20.81      2048 Bytes  29.12.2011 20:18:38
VBASE028.VDF   : 7.11.20.82      2048 Bytes  29.12.2011 20:18:38
VBASE029.VDF   : 7.11.20.83      2048 Bytes  29.12.2011 20:18:38
VBASE030.VDF   : 7.11.20.84      2048 Bytes  29.12.2011 20:18:38
VBASE031.VDF   : 7.11.20.97    132608 Bytes  30.12.2011 20:18:40
Engineversion  : 8.2.8.18  
AEVDF.DLL      : 8.1.2.2       106868 Bytes  09.11.2011 21:42:13
AESCRIPT.DLL   : 8.1.3.95      479612 Bytes  30.12.2011 20:19:04
AESCN.DLL      : 8.1.7.2       127349 Bytes  01.09.2011 22:46:02
AESBX.DLL      : 8.2.4.5       434549 Bytes  01.12.2011 16:40:06
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.2.15.1      770423 Bytes  17.12.2011 12:59:29
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 20:19:01
AEHEUR.DLL     : 8.1.3.14     4260216 Bytes  30.12.2011 20:19:00
AEHELP.DLL     : 8.1.18.0      254327 Bytes  09.11.2011 21:42:07
AEGEN.DLL      : 8.1.5.17      405877 Bytes  09.12.2011 16:46:54
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01
AECORE.DLL     : 8.1.24.3      201079 Bytes  30.12.2011 20:18:42
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  19.10.2011 15:55:51
AVPREF.DLL     : 12.1.0.17      51920 Bytes  19.10.2011 15:55:48
AVREP.DLL      : 12.1.0.17     179408 Bytes  19.10.2011 15:55:49
AVARKT.DLL     : 12.1.0.19     208848 Bytes  08.12.2011 12:01:28
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  19.10.2011 15:55:47
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  19.10.2011 15:56:03
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  19.10.2011 15:55:50
NETNT.DLL      : 12.1.0.17      17104 Bytes  19.10.2011 15:55:59
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  19.10.2011 15:56:14
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  19.10.2011 15:56:14

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f037c52\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 4. Januar 2012  00:26

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smartlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\744umwrd.default\Cache\9\14\D000Ed01'
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\744umwrd.default\Cache\9\14\D000Ed01
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bae250b.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 4. Januar 2012  00:26
Benötigte Zeit: 00:05 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     30 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     29 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         
Here is the one for the second detection:

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 4. Januar 2012  21:33

Es wird nach 3000859 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***

Versionsinformationen:
BUILD.DAT      : 12.0.0.872     41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  19.10.2011 15:55:49
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  19.10.2011 15:56:10
LUKE.DLL       : 12.1.0.17      68304 Bytes  19.10.2011 15:55:59
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  08.12.2011 12:01:32
AVREG.DLL      : 12.1.0.27     227536 Bytes  09.12.2011 16:46:59
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 18:14:10
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 18:14:10
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 18:14:10
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 18:14:10
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 18:14:10
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 18:14:10
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 18:14:10
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 18:14:10
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 18:14:10
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 18:14:10
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 18:14:10
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 18:20:27
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 00:38:48
VBASE015.VDF   : 7.11.20.29    164352 Bytes  27.12.2011 13:53:06
VBASE016.VDF   : 7.11.20.70    180224 Bytes  29.12.2011 20:18:37
VBASE017.VDF   : 7.11.20.71      2048 Bytes  29.12.2011 20:18:37
VBASE018.VDF   : 7.11.20.72      2048 Bytes  29.12.2011 20:18:37
VBASE019.VDF   : 7.11.20.73      2048 Bytes  29.12.2011 20:18:37
VBASE020.VDF   : 7.11.20.74      2048 Bytes  29.12.2011 20:18:37
VBASE021.VDF   : 7.11.20.75      2048 Bytes  29.12.2011 20:18:37
VBASE022.VDF   : 7.11.20.76      2048 Bytes  29.12.2011 20:18:38
VBASE023.VDF   : 7.11.20.77      2048 Bytes  29.12.2011 20:18:38
VBASE024.VDF   : 7.11.20.78      2048 Bytes  29.12.2011 20:18:38
VBASE025.VDF   : 7.11.20.79      2048 Bytes  29.12.2011 20:18:38
VBASE026.VDF   : 7.11.20.80      2048 Bytes  29.12.2011 20:18:38
VBASE027.VDF   : 7.11.20.81      2048 Bytes  29.12.2011 20:18:38
VBASE028.VDF   : 7.11.20.82      2048 Bytes  29.12.2011 20:18:38
VBASE029.VDF   : 7.11.20.83      2048 Bytes  29.12.2011 20:18:38
VBASE030.VDF   : 7.11.20.84      2048 Bytes  29.12.2011 20:18:38
VBASE031.VDF   : 7.11.20.97    132608 Bytes  30.12.2011 20:18:40
Engineversion  : 8.2.8.18  
AEVDF.DLL      : 8.1.2.2       106868 Bytes  09.11.2011 21:42:13
AESCRIPT.DLL   : 8.1.3.95      479612 Bytes  30.12.2011 20:19:04
AESCN.DLL      : 8.1.7.2       127349 Bytes  01.09.2011 22:46:02
AESBX.DLL      : 8.2.4.5       434549 Bytes  01.12.2011 16:40:06
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.2.15.1      770423 Bytes  17.12.2011 12:59:29
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 20:19:01
AEHEUR.DLL     : 8.1.3.14     4260216 Bytes  30.12.2011 20:19:00
AEHELP.DLL     : 8.1.18.0      254327 Bytes  09.11.2011 21:42:07
AEGEN.DLL      : 8.1.5.17      405877 Bytes  09.12.2011 16:46:54
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01
AECORE.DLL     : 8.1.24.3      201079 Bytes  30.12.2011 20:18:42
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  19.10.2011 15:55:51
AVPREF.DLL     : 12.1.0.17      51920 Bytes  19.10.2011 15:55:48
AVREP.DLL      : 12.1.0.17     179408 Bytes  19.10.2011 15:55:49
AVARKT.DLL     : 12.1.0.19     208848 Bytes  08.12.2011 12:01:28
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  19.10.2011 15:55:47
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  19.10.2011 15:56:03
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  19.10.2011 15:55:50
NETNT.DLL      : 12.1.0.17      17104 Bytes  19.10.2011 15:55:59
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  19.10.2011 15:56:14
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  19.10.2011 15:56:14

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f0486e7\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 4. Januar 2012  21:33

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\744umwrd.default\Cache\9\14\D000Ed01'
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\744umwrd.default\Cache\9\14\D000Ed01
  [FUND]      Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4be719e7.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 4. Januar 2012  21:34
Benötigte Zeit: 00:06 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     29 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     28 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         

A full system scan carried out afterwards, however, did not lead to any event....
Is there still something to do now, or is the matter settled if Antivir does not issue any further message?


Thanks!

Alt 07.01.2012, 16:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
Please always post log files in CODE tags

Alt 08.01.2012, 16:08   #5
T0bbes
 



Hello,

here are the logs from Malwarebytes
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

07.01.2012 18:42:58
mbam-log-2012-01-07 (18-42-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 549585
Laufzeit: 1 Stunde(n), 44 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is the log from the online scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e69a979a5f074743a3798f9f75578964
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 09:25:20
# local_time=2012-01-07 10:25:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5103909 5103909 0 0
# compatibility_mode=5893 16776573 100 94 12758 77596762 0 0
# compatibility_mode=8192 67108863 100 0 3740 3740 0 0
# scanned=308160
# found=0
# cleaned=0
# scan_time=4628
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e69a979a5f074743a3798f9f75578964
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 02:58:18
# local_time=2012-01-08 03:58:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5164916 5164916 0 0
# compatibility_mode=5893 16776573 100 94 3631 77657769 0 0
# compatibility_mode=8192 67108863 100 0 64747 64747 0 0
# scanned=369874
# found=0
# cleaned=0
# scan_time=6799
         


Alt 08.01.2012, 20:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 09.01.2012, 20:18   #7
T0bbes
 



Hello,

here is the result

OTL Logfile:
Code:
OTL logfile created on: 09.01.2012 19:53:06 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,70% Memory free
7,83 Gb Paging File | 6,05 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,35 Gb Total Space | 97,37 Gb Free Space | 49,84% Space Free | Partition Type: NTFS
Drive D: | 245,41 Gb Total Space | 243,55 Gb Free Space | 99,25% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programme\components [2011.11.09 19:49:31 | 000,000,000 | ---D | M]
 
[2011.11.09 19:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.07 17:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\744umwrd.default\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\744UMWRD.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\744UMWRD.DEFAULT\EXTENSIONS\RAINBOW@COLORS.ORG.XPI
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - D:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DDC1E5D-1942-4EE2-8FD9-A7001AEDC43C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.07 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.07 18:39:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.07 18:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.07 18:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.07 18:39:51 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.07 18:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.07 17:58:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\timeline
[2012.01.04 22:34:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.03 23:46:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6259F1CE-8B9D-4FB8-B28C-7C45A5A0DAB2}
[2012.01.03 23:46:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{84366776-CB72-404F-BA36-12F5EBB00BC3}
[2011.12.29 13:11:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Stefan-Haus
[2011.12.29 12:22:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.12.29 12:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2011.12.29 12:18:01 | 000,230,864 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011.12.29 12:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2011.12.29 01:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.12.29 00:23:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0B045DA6-21E2-493B-B484-9314945F14F0}
[2011.12.29 00:23:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E0D8C140-31DE-462B-A905-EBB7E47E6BB4}
[2011.12.24 15:08:02 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Meine empfangenen Dateien
[2011.12.24 15:05:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{481C9EFD-1AA3-47D4-AB49-4F6C622E59E2}
[2011.12.24 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{1E544813-5BFE-4228-877A-2C82E94CBC9F}
[2011.12.21 21:36:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.21 21:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011.12.21 20:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.12.21 01:18:28 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2011.12.21 01:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011.12.21 01:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011.12.21 01:07:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2011.12.21 00:33:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.21 00:33:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011.12.21 00:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.12.21 00:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.12.21 00:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011.12.21 00:32:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TP
[2011.12.20 18:52:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AF4092B4-F6E1-49C0-9B9B-3999EAA093D8}
[2011.12.20 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{13A5C79A-4E89-469A-8311-BC77FC5F316D}
[2011.12.19 01:17:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4F965899-3BCC-4491-8443-BE785A228C9A}
[2011.12.19 01:16:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA39DBEC-7AAD-4A62-B8DF-FBAB028FA748}
[2011.12.17 20:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011.12.17 20:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011.12.17 19:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2011.12.17 19:27:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2011.12.17 18:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2011.12.17 18:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011.12.17 16:49:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Facebook
[2011.12.15 08:18:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{31166476-68BE-4BFC-A44F-6D12036EE24D}
[2011.12.15 08:18:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{733B75D1-E2A2-4E2C-ADC8-FFDA57927CA6}
[2011.12.14 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{105D7331-0546-4B58-8A25-67259E1F68DA}
[2011.12.14 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{52C2A01D-3DE4-4F91-BB86-4BE1777BF47B}
[2011.12.14 20:07:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{535EE5E5-FAD4-424A-99B3-23BCE6ACE51E}
[2011.12.14 20:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EAB87C72-FED8-405B-887B-AF0050E99167}
[2011.12.12 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bonita Open Solution
[2011.12.12 23:58:01 | 000,000,000 | ---D | C] -- C:\BOS-5.6
[2011.12.11 23:56:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Unity
[2011.12.10 20:20:09 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.12.10 20:20:09 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.12.10 20:19:16 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.12.10 20:19:15 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.12.10 20:19:14 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.12.10 20:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.12.10 20:19:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.12.10 20:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011.12.10 20:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.10 20:17:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.09 19:55:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.09 19:55:34 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.09 19:47:55 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.01.09 19:47:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.09 19:47:25 | 3152,130,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.08 14:02:22 | 000,002,234 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.01.08 14:02:14 | 000,001,393 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.01.07 18:39:52 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.04 23:21:30 | 000,044,249 | ---- | M] () -- C:\Users\***\Desktop\OTL.zip
[2012.01.04 22:38:14 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.04 22:34:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.04 22:33:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.02 19:03:12 | 000,097,686 | ---- | M] () -- C:\Users\***\Desktop\Lamborghini_Aventador_LP700_4.jpg
[2011.12.29 12:28:18 | 1073,741,824 | ---- | M] () -- D:\Eigene Dokumente\tc.tc
[2011.12.29 12:18:04 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011.12.29 12:18:01 | 000,230,864 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2011.12.28 00:04:27 | 008,658,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.28 00:04:27 | 000,706,286 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011.12.28 00:04:27 | 000,705,310 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011.12.28 00:04:27 | 000,703,048 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2011.12.28 00:04:27 | 000,700,964 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011.12.28 00:04:27 | 000,691,198 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011.12.28 00:04:27 | 000,687,814 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2011.12.28 00:04:27 | 000,666,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.28 00:04:27 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.28 00:04:27 | 000,563,626 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2011.12.28 00:04:27 | 000,446,342 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2011.12.28 00:04:27 | 000,397,176 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011.12.28 00:04:27 | 000,365,378 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2011.12.28 00:04:27 | 000,141,000 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011.12.28 00:04:27 | 000,137,690 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011.12.28 00:04:27 | 000,136,878 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2011.12.28 00:04:27 | 000,136,454 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2011.12.28 00:04:27 | 000,134,078 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011.12.28 00:04:27 | 000,133,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.28 00:04:27 | 000,131,082 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011.12.28 00:04:27 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011.12.28 00:04:27 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.28 00:04:27 | 000,093,374 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2011.12.28 00:04:27 | 000,082,922 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2011.12.28 00:04:27 | 000,073,032 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2011.12.27 22:22:45 | 000,002,072 | ---- | M] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.12.27 22:22:45 | 000,002,001 | ---- | M] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2011.12.21 21:36:31 | 008,766,422 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.21 01:23:54 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf07a.dat
[2011.12.18 15:35:53 | 000,001,476 | ---- | M] () -- C:\Users\***\Desktop\Wow - Verknüpfung.lnk
[2011.12.17 19:29:29 | 000,001,338 | ---- | M] () -- C:\Users\***\Desktop\World of Warcraft-Installationsprogramm.lnk
[2011.12.17 13:58:17 | 000,275,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.12 23:59:18 | 000,000,529 | ---- | M] () -- C:\Users\***\Desktop\BOS-5.6.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.07 18:39:52 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.04 23:21:30 | 000,044,249 | ---- | C] () -- C:\Users\***\Desktop\OTL.zip
[2012.01.04 22:38:14 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.04 22:33:21 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.01.02 19:03:06 | 000,097,686 | ---- | C] () -- C:\Users\***\Desktop\Lamborghini_Aventador_LP700_4.jpg
[2011.12.29 12:27:57 | 1073,741,824 | ---- | C] () -- D:\Eigene Dokumente\tc.tc
[2011.12.29 12:18:04 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2011.12.27 22:22:45 | 000,002,072 | ---- | C] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2011.12.27 22:22:45 | 000,002,001 | ---- | C] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2011.12.21 01:18:42 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf07a.dat
[2011.12.21 00:32:58 | 008,766,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.18 15:35:53 | 000,001,476 | ---- | C] () -- C:\Users\***\Desktop\Wow - Verknüpfung.lnk
[2011.12.17 19:29:29 | 000,001,338 | ---- | C] () -- C:\Users\***\Desktop\World of Warcraft-Installationsprogramm.lnk
[2011.12.12 23:59:18 | 000,000,529 | ---- | C] () -- C:\Users\***\Desktop\BOS-5.6.lnk
[2011.12.10 20:19:12 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.10 21:13:53 | 000,007,607 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.11.10 03:09:35 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.11.10 03:09:31 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.11.10 03:09:31 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.11.10 03:01:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 04:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 03:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
 
========== LOP Check ==========
 
[2011.12.10 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.09 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2011.12.08 18:20:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.11.10 20:37:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.01.07 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.19 11:44:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin
[2011.11.09 20:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.11.15 23:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.11.12 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2011.12.21 01:25:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.21 00:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.12.29 12:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.12.10 20:19:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.11.10 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2009.07.14 06:08:49 | 000,029,148 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.10 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.26 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.11.13 18:02:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.11.09 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2011.11.09 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2011.12.08 18:20:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2011.11.10 20:37:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.11.12 19:17:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet
[2011.11.09 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.01.07 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.11.09 19:35:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.11.19 11:44:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iWin
[2011.11.09 19:47:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.01.07 18:39:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.21 00:33:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.11.09 20:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.11.09 19:49:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.11.15 23:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.11.12 19:17:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.01.03 23:51:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.12.21 01:25:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.21 00:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.12.29 12:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.12.10 20:19:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.11.16 19:58:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.11.10 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
[2011.11.10 21:04:39 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028

< End of report >
         



Thanks

Alt 09.01.2012, 22:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post logfiles in CODE tags

Alt 10.01.2012, 08:37   #9
T0bbes
 



Hello,

here is the log from OTL.
By the way, what does the process TrustedInstaller.exe do? I read on Google that it protects the system's own files, but is it normal for it to use 80% of my RAM? (I have 4 GB)
The process ran almost in parallel with OTL's cleanup...
And it is also correct that the Windows features were set up again at restart, right?

Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af9a7ac0-0bd2-11e1-9530-806e6f6e6963}\ not found.
File F:\Autorun.exe not found.
Unable to delete ADS C:\ProgramData\Temp:52DBE86F .
Unable to delete ADS C:\ProgramData\Temp:81F83028 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tobias
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3031040 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01102012_005147

Files\Folders moved on Reboot...
File\Folder C:\Users\Tobias\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
Thanks

Alt 10.01.2012, 10:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 10.01.2012, 23:10   #11
T0bbes
 



Hello,

attached are the logs from TDSS-Killer.
I don't need unhide.exe. I have full access to all files:

Code:
23:03:04.0244 4632	TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
23:03:04.0400 4632	============================================================
23:03:04.0400 4632	Current date / time: 2012/01/10 23:03:04.0400
23:03:04.0400 4632	SystemInfo:
23:03:04.0400 4632	
23:03:04.0400 4632	OS Version: 6.1.7601 ServicePack: 1.0
23:03:04.0400 4632	Product type: Workstation
23:03:04.0400 4632	ComputerName: ***-PC
23:03:04.0400 4632	UserName: ***
23:03:04.0400 4632	Windows directory: C:\Windows
23:03:04.0400 4632	System windows directory: C:\Windows
23:03:04.0400 4632	Running under WOW64
23:03:04.0400 4632	Processor architecture: Intel x64
23:03:04.0400 4632	Number of processors: 4
23:03:04.0400 4632	Page size: 0x1000
23:03:04.0400 4632	Boot type: Normal boot
23:03:04.0400 4632	============================================================
23:03:05.0538 4632	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
23:03:05.0960 4632	Initialize success
23:03:33.0587 1600	============================================================
23:03:33.0587 1600	Scan started
23:03:33.0587 1600	Mode: Manual; SigCheck; TDLFS; 
23:03:33.0587 1600	============================================================
23:04:58.0236 1600	LSI_SAS2 - ok
23:04:58.0876 1600	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:04:58.0907 1600	LSI_SCSI - ok
23:04:59.0468 1600	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:04:59.0562 1600	luafv - ok
23:05:00.0295 1600	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:05:00.0326 1600	MBAMProtector - ok
23:05:01.0184 1600	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:05:01.0216 1600	megasas - ok
23:05:01.0918 1600	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:05:02.0011 1600	MegaSR - ok
23:05:02.0542 1600	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
23:05:02.0573 1600	MEIx64 - ok
23:05:03.0275 1600	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:05:03.0353 1600	Modem - ok
23:05:04.0055 1600	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:05:04.0102 1600	monitor - ok
23:05:04.0663 1600	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:05:04.0710 1600	mouclass - ok
23:05:05.0350 1600	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:05:05.0412 1600	mouhid - ok
23:05:06.0114 1600	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:05:06.0130 1600	mountmgr - ok
23:05:06.0738 1600	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:05:06.0769 1600	mpio - ok
23:05:07.0409 1600	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:05:07.0518 1600	mpsdrv - ok
23:05:08.0142 1600	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:05:08.0360 1600	MRxDAV - ok
23:05:08.0891 1600	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:09.0000 1600	mrxsmb - ok
23:05:09.0702 1600	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:09.0827 1600	mrxsmb10 - ok
23:05:10.0357 1600	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:10.0435 1600	mrxsmb20 - ok
23:05:10.0888 1600	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:05:10.0919 1600	msahci - ok
23:05:11.0356 1600	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:05:11.0402 1600	msdsm - ok
23:05:12.0011 1600	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:05:12.0104 1600	Msfs - ok
23:05:12.0619 1600	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:05:12.0697 1600	mshidkmdf - ok
23:05:13.0321 1600	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:05:13.0352 1600	msisadrv - ok
23:05:14.0039 1600	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:05:14.0101 1600	MSKSSRV - ok
23:05:14.0585 1600	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:14.0663 1600	MSPCLOCK - ok
23:05:15.0022 1600	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:05:15.0131 1600	MSPQM - ok
23:05:15.0490 1600	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:05:15.0521 1600	MsRPC - ok
23:05:15.0864 1600	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:15.0880 1600	mssmbios - ok
23:05:16.0238 1600	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:05:16.0301 1600	MSTEE - ok
23:05:16.0644 1600	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:05:16.0691 1600	MTConfig - ok
23:05:17.0034 1600	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:05:17.0065 1600	Mup - ok
23:05:17.0408 1600	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:17.0471 1600	NativeWifiP - ok
23:05:17.0845 1600	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:05:17.0908 1600	NDIS - ok
23:05:18.0251 1600	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:05:18.0313 1600	NdisCap - ok
23:05:18.0641 1600	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:18.0719 1600	NdisTapi - ok
23:05:19.0062 1600	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:19.0156 1600	Ndisuio - ok
23:05:19.0483 1600	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:19.0561 1600	NdisWan - ok
23:05:19.0920 1600	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:05:19.0998 1600	NDProxy - ok
23:05:20.0357 1600	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:05:20.0450 1600	NetBIOS - ok
23:05:20.0794 1600	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:05:20.0872 1600	NetBT - ok
23:05:21.0277 1600	netr28x         (f1814e62eb6e50472afc9903525ecec1) C:\Windows\system32\DRIVERS\netr28x.sys
23:05:21.0371 1600	netr28x - ok
23:05:21.0714 1600	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:05:21.0745 1600	nfrd960 - ok
23:05:22.0135 1600	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:05:22.0213 1600	Npfs - ok
23:05:22.0556 1600	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:05:22.0634 1600	nsiproxy - ok
23:05:23.0009 1600	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:05:23.0149 1600	Ntfs - ok
23:05:23.0492 1600	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:05:23.0570 1600	Null - ok
23:05:24.0226 1600	nvlddmkm        (41a7c6ed2bab4c304633b785c884a912) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:24.0694 1600	nvlddmkm - ok
23:05:25.0052 1600	nvpciflt        (d542153cb23459b8aad88cf17e36b670) C:\Windows\system32\DRIVERS\nvpciflt.sys
23:05:25.0068 1600	nvpciflt - ok
23:05:25.0427 1600	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:05:25.0458 1600	nvraid - ok
23:05:25.0801 1600	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:05:25.0832 1600	nvstor - ok
23:05:26.0222 1600	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:05:26.0254 1600	nv_agp - ok
23:05:26.0581 1600	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:05:26.0628 1600	ohci1394 - ok
23:05:27.0065 1600	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:05:27.0112 1600	Parport - ok
23:05:27.0439 1600	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:05:27.0470 1600	partmgr - ok
23:05:27.0814 1600	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:05:27.0845 1600	pci - ok
23:05:28.0204 1600	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:05:28.0219 1600	pciide - ok
23:05:28.0687 1600	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:05:28.0734 1600	pcmcia - ok
23:05:29.0093 1600	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:05:29.0093 1600	pcw - ok
23:05:29.0795 1600	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:05:29.0857 1600	PEAUTH - ok
23:05:30.0684 1600	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:30.0762 1600	PptpMiniport - ok
23:05:31.0324 1600	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:05:31.0402 1600	Processor - ok
23:05:31.0932 1600	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:05:32.0010 1600	Psched - ok
23:05:32.0400 1600	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:05:32.0462 1600	ql2300 - ok
23:05:32.0899 1600	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:05:32.0899 1600	ql40xx - ok
23:05:33.0242 1600	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:05:33.0274 1600	QWAVEdrv - ok
23:05:33.0617 1600	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:33.0648 1600	RasAcd - ok
23:05:34.0007 1600	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:05:34.0038 1600	RasAgileVpn - ok
23:05:34.0381 1600	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:34.0428 1600	Rasl2tp - ok
23:05:34.0865 1600	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:34.0896 1600	RasPppoe - ok
23:05:35.0239 1600	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:35.0286 1600	RasSstp - ok
23:05:35.0848 1600	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:35.0957 1600	rdbss - ok
23:05:36.0487 1600	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:05:36.0503 1600	rdpbus - ok
23:05:36.0877 1600	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:36.0924 1600	RDPCDD - ok
23:05:37.0423 1600	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:05:37.0470 1600	RDPENCDD - ok
23:05:38.0047 1600	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:05:38.0094 1600	RDPREFMP - ok
23:05:38.0578 1600	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:05:38.0624 1600	RDPWD - ok
23:05:39.0326 1600	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:05:39.0373 1600	rdyboost - ok
23:05:40.0590 1600	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:05:40.0652 1600	RFCOMM - ok
23:05:41.0276 1600	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:41.0370 1600	rspndr - ok
23:05:42.0322 1600	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:05:42.0368 1600	sbp2port - ok
23:05:43.0164 1600	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:05:43.0258 1600	scfilter - ok
23:05:44.0100 1600	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:05:44.0147 1600	secdrv - ok
23:05:44.0490 1600	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:05:44.0521 1600	Serenum - ok
23:05:44.0896 1600	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:05:44.0911 1600	Serial - ok
23:05:45.0239 1600	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:05:45.0270 1600	sermouse - ok
23:05:45.0598 1600	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:05:45.0613 1600	sffdisk - ok
23:05:45.0956 1600	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:05:45.0972 1600	sffp_mmc - ok
23:05:46.0315 1600	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:05:46.0331 1600	sffp_sd - ok
23:05:46.0658 1600	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:05:46.0674 1600	sfloppy - ok
23:05:47.0033 1600	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:05:47.0064 1600	Sftfs - ok
23:05:47.0516 1600	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:05:47.0579 1600	Sftplay - ok
23:05:48.0515 1600	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:05:48.0546 1600	Sftredir - ok
23:05:48.0952 1600	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:05:48.0967 1600	Sftvol - ok
23:05:50.0309 1600	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
23:05:50.0356 1600	SiSGbeLH - ok
23:05:50.0886 1600	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:05:50.0902 1600	SiSRaid2 - ok
23:05:51.0572 1600	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:05:51.0588 1600	SiSRaid4 - ok
23:05:52.0493 1600	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:05:52.0571 1600	Smb - ok
23:05:54.0022 1600	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:05:54.0068 1600	spldr - ok
23:05:54.0396 1600	sptd - ok
23:05:55.0379 1600	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:05:55.0769 1600	srv - ok
23:05:57.0391 1600	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:05:57.0454 1600	srv2 - ok
23:05:58.0592 1600	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:58.0624 1600	srvnet - ok
23:05:59.0575 1600	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:05:59.0591 1600	stexstor - ok
23:06:00.0402 1600	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:06:00.0464 1600	swenum - ok
23:06:02.0336 1600	SynTP           (f0d7c68cda9784689caa72c17af393b2) C:\Windows\system32\DRIVERS\SynTP.sys
23:06:02.0477 1600	SynTP - ok
23:06:03.0990 1600	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:06:04.0068 1600	Tcpip - ok
23:06:05.0363 1600	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:06:05.0394 1600	TCPIP6 - ok
23:06:08.0108 1600	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:06:08.0280 1600	tcpipreg - ok
23:06:10.0604 1600	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:06:10.0667 1600	TDPIPE - ok
23:06:12.0882 1600	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:06:12.0976 1600	TDTCP - ok
23:06:13.0662 1600	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:06:14.0192 1600	tdx - ok
23:06:15.0659 1600	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:06:15.0830 1600	TermDD - ok
23:06:16.0844 1600	truecrypt       (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
23:06:16.0922 1600	truecrypt - ok
23:06:17.0546 1600	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:06:17.0609 1600	tssecsrv - ok
23:06:18.0638 1600	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:06:18.0701 1600	TsUsbFlt - ok
23:06:19.0216 1600	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:06:19.0278 1600	TsUsbGD - ok
23:06:19.0590 1600	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
23:06:19.0621 1600	TuneUpUtilitiesDrv - ok
23:06:20.0744 1600	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:06:20.0822 1600	tunnel - ok
23:06:21.0618 1600	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
23:06:21.0634 1600	TurboB - ok
23:06:22.0616 1600	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:06:22.0741 1600	uagp35 - ok
23:06:23.0318 1600	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:06:23.0412 1600	udfs - ok
23:06:24.0613 1600	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:06:24.0660 1600	uliagpkx - ok
23:06:25.0253 1600	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:06:25.0300 1600	umbus - ok
23:06:26.0189 1600	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:06:26.0282 1600	UmPass - ok
23:06:26.0938 1600	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:06:27.0016 1600	USBAAPL64 - ok
23:06:27.0437 1600	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:06:27.0499 1600	usbccgp - ok
23:06:28.0451 1600	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:06:28.0513 1600	usbcir - ok
23:06:29.0278 1600	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:06:29.0340 1600	usbehci - ok
23:06:30.0073 1600	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:06:30.0104 1600	usbhub - ok
23:06:30.0760 1600	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:06:30.0791 1600	usbohci - ok
23:06:31.0290 1600	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:06:31.0384 1600	usbprint - ok
23:06:32.0195 1600	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:06:32.0304 1600	usbscan - ok
23:06:32.0850 1600	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:06:32.0912 1600	USBSTOR - ok
23:06:33.0568 1600	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:06:33.0755 1600	usbuhci - ok
23:06:34.0472 1600	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:06:34.0535 1600	usbvideo - ok
23:06:35.0112 1600	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:06:35.0159 1600	vdrvroot - ok
23:06:35.0752 1600	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:06:35.0798 1600	vga - ok
23:06:36.0422 1600	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:06:36.0500 1600	VgaSave - ok
23:06:37.0202 1600	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:06:37.0249 1600	vhdmp - ok
23:06:38.0045 1600	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:06:38.0092 1600	viaide - ok
23:06:38.0918 1600	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:06:38.0965 1600	volmgr - ok
23:06:39.0605 1600	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:06:39.0776 1600	volmgrx - ok
23:06:40.0634 1600	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:06:40.0681 1600	volsnap - ok
23:06:41.0399 1600	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:06:41.0430 1600	vsmraid - ok
23:06:42.0413 1600	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:06:42.0522 1600	vwifibus - ok
23:06:43.0318 1600	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:06:43.0380 1600	vwififlt - ok
23:06:44.0113 1600	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:06:44.0191 1600	vwifimp - ok
23:06:44.0800 1600	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:06:44.0878 1600	WacomPen - ok
23:06:45.0439 1600	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:06:45.0564 1600	WANARP - ok
23:06:45.0642 1600	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:06:45.0704 1600	Wanarpv6 - ok
23:06:46.0406 1600	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:06:46.0453 1600	Wd - ok
23:06:47.0155 1600	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:06:47.0249 1600	Wdf01000 - ok
23:06:47.0764 1600	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:06:47.0826 1600	WfpLwf - ok
23:06:48.0372 1600	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
23:06:48.0419 1600	WimFltr - ok
23:06:48.0949 1600	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:06:48.0996 1600	WIMMount - ok
23:06:49.0573 1600	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:06:49.0620 1600	WinUsb - ok
23:06:50.0182 1600	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:06:50.0197 1600	WmiAcpi - ok
23:06:50.0931 1600	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:06:51.0024 1600	ws2ifsl - ok
23:06:51.0508 1600	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:06:51.0586 1600	WudfPf - ok
23:06:52.0069 1600	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:06:52.0132 1600	WUDFRd - ok
23:06:52.0225 1600	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:06:52.0537 1600	\Device\Harddisk0\DR0 - ok
23:06:52.0537 1600	Boot (0x1200)   (a6eb552a4f4af289f9d6204ef7d012fc) \Device\Harddisk0\DR0\Partition0
23:06:52.0537 1600	\Device\Harddisk0\DR0\Partition0 - ok
23:06:52.0584 1600	Boot (0x1200)   (8dbb6bd9eac3859a67c4ca6ec0953aa1) \Device\Harddisk0\DR0\Partition1
23:06:52.0600 1600	\Device\Harddisk0\DR0\Partition1 - ok
23:06:52.0600 1600	============================================================
23:06:52.0600 1600	Scan finished
23:06:52.0600 1600	============================================================
23:06:52.0600 4232	Detected object count: 2
23:06:52.0600 4232	Actual detected object count: 2
23:08:08.0931 4232	atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
23:08:08.0931 4232	atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:08:08.0931 4232	lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
23:08:08.0931 4232	lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 11.01.2012, 10:42   #12
cosinus

This one looks unremarkable too. Before we dig deeper: do you still have any problems open at all? The next tools I would have you run are ones you shouldn't necessarily use if you can avoid it.
__________________
Please always post log files in CODE tags
