Backdoor.Win32.LolBot!IK - Trojaner oder nicht?

cosinus · 17.01.2012, 20:23

Zitat:

(Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe

Eine zusätzliche bzw. andere Software-Firewall und v.a. sowas wie SecuritySuites sind Quatsch mit Sauce, in vielen Fällen kontraproduktiv und Ursache für die "lustigsten" Fehler.
Bitte umgehend deinstallieren, Windows danach neustarten und sicherstellen, dass die Windows-Firewall aktiv ist und keine gefährlichen "Löcher" (siehe Ausnahmeliste) hat.

Mach danach wieder wie o.g. einen neuen OTL-CustomScan

Heimdal82 · 17.01.2012, 21:14

Hmm...jetzt bin ich leicht verwirrt...eigentlich hab ich immer wieder gelesen, das nur die Windows-Firewall nicht ausreichend sei...deshalb hab ich mich mal Jahren schon umgehört und bin bei Zonealarm gelandet... Reicht die Windows-Firewall oder nicht??????
Aber okay...hab sie deinstalliert (wobei ich ehrlich zugeben muß mit ziemlich viel Unbehagen) und OTL noch mal durchlaufen lassen...
Hier die Logfile
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17/01/2012 21:00:07 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Master of Desaster\Desktop\Backdoor.Win32.LolBot!IK
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.70% Memory free
6.22 Gb Paging File | 5.13 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 47.67 Gb Free Space | 48.82% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 101.61 Gb Free Space | 27.60% Space Free | Partition Type: NTFS
Drive E: | 7.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 695.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.65 Gb Total Space | 217.59 Gb Free Space | 46.73% Space Free | Partition Type: FAT32
 
Computer Name: HORT-DES-CHAOS | User Name: Master of Desaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/15 12:20:16 | 002,998,832 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/14 18:51:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Master of Desaster\Desktop\Backdoor.Win32.LolBot!IK\OTL.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/07 15:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Stopped] --  -- (IswSvc)
SRV - [2012/01/15 12:20:16 | 002,998,832 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/30 19:34:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- d:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/08 17:12:01 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/11/02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/10/15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/05/19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/02/09 15:44:55 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV79.sys -- (SSHDRV79)
DRV - [2010/11/16 09:22:21 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/11/16 09:22:09 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/03 16:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2009/02/03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/21 10:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/11/30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 AA B0 CB 3D A9 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: d:\programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: d:\programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: d:\programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/21 20:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/12/07 17:51:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/01/14 12:17:36 | 000,000,000 | ---D | M]
 
[2011/03/07 07:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Extensions
[2012/01/08 17:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions
[2011/04/19 16:55:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/19 15:13:08 | 000,000,933 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\11-suche.xml
[2011/12/19 15:13:08 | 000,002,419 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 15:13:08 | 000,010,525 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\gmx-suche.xml
[2011/12/19 15:13:08 | 000,002,457 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\lastminute.xml
[2011/12/19 15:13:08 | 000,005,508 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\webde-suche.xml
() (No name found) -- C:\USERS\MASTER OF DESASTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74RO8G6Q.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} hxxp://www.smartphoto.de/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8429BA10-518A-4778-AC94-966DB9F88E55}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Programme\SuperAntiSpyware\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/24 10:35:04 | 000,161,070 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/10/24 10:34:22 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,098,304 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,002,998 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,000,051 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/10/24 10:35:04 | 000,378,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2002/09/27 18:26:44 | 000,098,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Users^Master of Desaster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\MASTER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - d:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - d:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - d:\Programme\PDFDrucker\PDFPrintBackend.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - d:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - d:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - D:\Programme\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/16 21:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/15 12:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/01/15 12:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/01/14 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Master of Desaster\Desktop\Backdoor.Win32.LolBot!IK
[2012/01/14 12:17:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/23 10:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/23 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/17 21:01:25 | 000,632,094 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/01/17 21:01:25 | 000,598,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/17 21:01:25 | 000,127,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/01/17 21:01:25 | 000,104,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/17 20:55:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 20:55:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/17 20:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 15:42:30 | 000,750,248 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\Oxidation of Cys278 of ADH I isozyme from Kluyveromyces lactis by naturally occurring disulfides causes its reversible inactivationOriginal.pdf
[2012/01/16 15:01:54 | 000,997,848 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\Characterization of the programmed cell death induced.pdf
[2012/01/13 16:55:10 | 000,070,144 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 13:36:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/19 18:25:55 | 000,268,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/01/16 15:42:30 | 000,750,248 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\Oxidation of Cys278 of ADH I isozyme from Kluyveromyces lactis by naturally occurring disulfides causes its reversible inactivationOriginal.pdf
[2012/01/16 15:01:54 | 000,997,848 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\Characterization of the programmed cell death induced.pdf
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/25 17:16:12 | 000,073,424 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/08/15 10:31:11 | 000,017,408 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\WebpageIcons.db
[2011/05/04 15:01:23 | 000,004,096 | -H-- | C] () -- C:\Users\Master of Desaster\AppData\Local\keyfile3.drm
[2011/04/07 09:26:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/03 11:18:54 | 000,000,081 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Roaming\clipcatcher.ini
[2011/04/01 11:37:15 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011/04/01 11:36:02 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/03/07 07:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 15:44:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV79.sys
[2011/01/24 20:12:00 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/11/16 09:22:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/11/16 09:22:09 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/11/10 21:53:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/10/11 17:51:35 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/10/01 08:43:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/01 08:07:42 | 000,070,144 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 21:34:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/09/30 21:34:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/30 21:01:46 | 001,513,984 | ---- | C] () -- C:\Windows\System32\Mgxrdr80.dll
[2010/09/30 21:01:45 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2010/09/30 21:01:45 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010/09/30 21:01:40 | 000,064,000 | ---- | C] () -- C:\Windows\System32\Ppiv30.dll
[2010/09/30 21:01:40 | 000,000,986 | ---- | C] () -- C:\Windows\Mgxclean.sys
[2010/09/30 21:01:40 | 000,000,100 | ---- | C] () -- C:\Windows\MGXCLEAN.DAT
[2010/09/30 20:06:39 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010/09/30 20:00:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/09/30 19:28:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\jqgkhtc.dll
[2010/09/30 19:28:37 | 000,000,204 | ---- | C] () -- C:\Windows\System32\nvxe6wa.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/09/30 19:28:36 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/09/30 19:28:36 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/09/30 19:28:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\mb6a5lr.dll
[2010/09/30 19:16:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/30 18:52:12 | 000,000,028 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010/09/30 16:20:37 | 000,000,680 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\d3d9caps.dat
[2008/06/12 19:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/12 06:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/12 06:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/01/21 08:15:58 | 000,632,094 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 08:15:58 | 000,127,356 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,268,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,806 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/04 09:36:12 | 000,245,760 | R--- | C] () -- C:\Windows\System32\setupsup.dll
[2003/02/20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/03/21 23:32:26 | 000,162,304 | ---- | C] () -- C:\Windows\System32\DLWBC31.DLL
 
========== LOP Check ==========
 
[2011/01/15 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Atari
[2011/04/19 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\BOM
[2011/08/12 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Broken Sword 2.5
[2011/11/15 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Canneverbe Limited
[2010/09/30 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CheckPoint
[2011/05/04 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox
[2011/12/07 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DVDVideoSoft
[2011/12/08 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\FLV Extract
[2011/04/03 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\GetRightToGo
[2011/04/01 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MAGIX
[2012/01/17 20:42:55 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MySQL
[2011/04/03 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloader
[2011/04/03 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloaderHD
[2011/02/22 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Opera
[2011/03/15 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Scalabium
[2010/09/30 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\ScummVM
[2011/03/06 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Ubisoft
[2011/12/08 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\XMedia Recode
[2012/01/17 20:54:15 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/02/17 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Adobe
[2010/10/14 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Apple Computer
[2011/01/15 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Atari
[2011/11/23 20:55:09 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Avira
[2011/04/19 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\BOM
[2011/08/12 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Broken Sword 2.5
[2011/11/15 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Canneverbe Limited
[2010/09/30 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CheckPoint
[2010/10/01 08:59:51 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CyberLink
[2010/12/19 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DivX
[2011/05/04 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox
[2011/12/07 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DVDVideoSoft
[2011/12/08 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\FLV Extract
[2011/04/03 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\GetRightToGo
[2010/09/30 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Identities
[2010/09/30 18:45:36 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Macromedia
[2011/04/01 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MAGIX
[2011/11/22 10:28:38 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Media Center Programs
[2011/03/15 20:28:09 | 000,000,000 | --SD | M] -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft
[2011/03/07 07:11:37 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla
[2012/01/17 20:42:55 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MySQL
[2011/04/03 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloader
[2011/04/03 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloaderHD
[2010/09/30 20:53:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Nero
[2011/10/26 19:40:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\NVIDIA
[2011/02/22 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Opera
[2011/12/09 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Real
[2011/03/15 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Scalabium
[2010/09/30 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\ScummVM
[2011/02/01 17:33:12 | 000,000,000 | RH-D | M] -- C:\Users\Master of Desaster\AppData\Roaming\SecuROM
[2011/11/23 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/06 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Ubisoft
[2011/08/05 09:07:54 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\vlc
[2011/12/19 12:54:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Winamp
[2010/09/30 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\WinRAR
[2011/12/08 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011/03/31 03:42:50 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011/03/31 03:42:54 | 000,155,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011/02/07 19:17:59 | 000,010,134 | R--- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\ARPPRODUCTICON.exe
[2011/02/07 19:17:59 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011/02/07 19:17:59 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011/11/28 12:04:37 | 000,010,134 | R--- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011/10/20 18:41:33 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011/10/21 07:43:01 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011/10/21 07:36:48 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/01/21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

[/code]

cosinus · 17.01.2012, 22:33

Zitat:

die Windows-Firewall oder nicht??????

Mehr Fragezeichen machen aus der Frage keine Super-Frage sieht einfach nur ... aus

Die Windows-Firewall ist auf jeden Fall vorzuziehen. ZoneAlarm ist Schund mit utopischen Versprechungen und für viele Probleme ist dieses "Spielzeug" die Ursache.

Code:

ATTFilter

Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)

Wo du schonmal dabei bist; Avira und Emsi A² parallel ist auch eine schlechte Idee. Bitte einen der beiden ebenfalls deinstallieren

Heimdal82 · 17.01.2012, 23:50

Ich habe eigentlich als Echtschutz Avira laufen. Emsisoft hatte ich noch nach meinen letzten Trojaner-Problem behalten und vergessen zu deinstallieren...aber evtl. bleib ich nun auch dabei und lösche das andere Programm.
Okay, heißt das nun, mein Rechner ist sauber?
Und kannst du mir eine andere Firewall empfehlen? Ich trau der Windows-Firewall einfach nur bedingt über den Weg...

cosinus · 18.01.2012, 12:00

Zitat:

Ich trau der Windows-Firewall einfach nur bedingt über den Weg...

Sry aber das ist einfach nur Quatsch. Dann musst du auch konsequenterweise das Betriebssystem wechseln wenn du MS bzw. Windows in einem sehr wichtigen Kernteil nicht traust.

Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?

Heimdal82 · 18.01.2012, 16:29

Danke für die Links...sobald die Prüfungszeit vorbei ist, werd ich mir die in Ruhe mal durchlesen.
Nur weiß ich jetzt leider noch nicht, ob die Datei ein Trojaner ist oder nicht.

cosinus · 18.01.2012, 17:15

Wir sind hier auch noch nicht fertig, ich hab nicht geschrieben dein Rechner ist nun ok.
Wenn nun der andere Scanner auch weg ist machst du erneut einen OTL-CustomScan da sich das System signifikant verändert hat

Heimdal82 · 18.01.2012, 17:55

Schade...ich hatte mich schon gefreut...
Okay, hier die neue Logfile

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18/01/2012 17:41:28 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Master of Desaster\Desktop\Backdoor.Win32.LolBot!IK
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.41% Memory free
6.19 Gb Paging File | 5.08 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 45.50 Gb Free Space | 46.59% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 101.76 Gb Free Space | 27.64% Space Free | Partition Type: NTFS
Drive E: | 7.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 695.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.65 Gb Total Space | 217.59 Gb Free Space | 46.73% Space Free | Partition Type: FAT32
 
Computer Name: HORT-DES-CHAOS | User Name: Master of Desaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/15 12:20:16 | 002,998,832 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/14 18:51:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Master of Desaster\Desktop\Backdoor.Win32.LolBot!IK\OTL.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/07 15:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Stopped] --  -- (IswSvc)
SRV - [2012/01/15 12:20:16 | 002,998,832 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/30 19:34:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- d:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/10/15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/02/09 15:44:55 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV79.sys -- (SSHDRV79)
DRV - [2010/11/16 09:22:21 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/11/16 09:22:09 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/02/03 16:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2009/02/03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/21 10:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007/02/08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/11/30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/06/14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 AA B0 CB 3D A9 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: d:\programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: d:\programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: d:\programme\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/21 20:45:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/12/07 17:51:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/01/14 12:17:36 | 000,000,000 | ---D | M]
 
[2011/03/07 07:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Extensions
[2012/01/08 17:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions
[2011/04/19 16:55:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Master of Desaster\AppData\Roaming\mozilla\Firefox\Profiles\74ro8g6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/19 15:13:08 | 000,000,933 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\11-suche.xml
[2011/12/19 15:13:08 | 000,002,419 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 15:13:08 | 000,010,525 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\gmx-suche.xml
[2011/12/19 15:13:08 | 000,002,457 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\lastminute.xml
[2011/12/19 15:13:08 | 000,005,508 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\searchplugins\webde-suche.xml
() (No name found) -- C:\USERS\MASTER OF DESASTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\74RO8G6Q.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} hxxp://www.smartphoto.de/ExtraFilmUploader6.cab (ExtraFilm Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8429BA10-518A-4778-AC94-966DB9F88E55}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Programme\SuperAntiSpyware\SASWINLO.DLL) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/24 10:35:04 | 000,161,070 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/10/24 10:34:22 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,098,304 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,002,998 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,000,051 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/10/24 10:35:04 | 000,378,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2002/09/27 18:26:44 | 000,098,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Users^Master of Desaster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\MASTER~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - d:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - d:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - D:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - d:\Programme\PDFDrucker\PDFPrintBackend.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - d:\Programme\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - d:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - D:\Programme\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - D:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/16 21:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/15 12:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/01/15 12:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/01/14 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Master of Desaster\Desktop\Backdoor.Win32.LolBot!IK
[2012/01/14 12:17:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/23 10:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/23 10:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/18 17:41:57 | 000,632,094 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/01/18 17:41:57 | 000,598,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/18 17:41:57 | 000,127,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/01/18 17:41:57 | 000,104,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/18 17:36:21 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 17:36:21 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 17:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 15:42:30 | 000,750,248 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\Oxidation of Cys278 of ADH I isozyme from Kluyveromyces lactis by naturally occurring disulfides causes its reversible inactivationOriginal.pdf
[2012/01/16 15:01:54 | 000,997,848 | ---- | M] () -- C:\Users\Master of Desaster\Desktop\Characterization of the programmed cell death induced.pdf
[2012/01/13 16:55:10 | 000,070,144 | ---- | M] () -- C:\Users\Master of Desaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 13:36:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/19 18:25:55 | 000,268,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/01/16 15:42:30 | 000,750,248 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\Oxidation of Cys278 of ADH I isozyme from Kluyveromyces lactis by naturally occurring disulfides causes its reversible inactivationOriginal.pdf
[2012/01/16 15:01:54 | 000,997,848 | ---- | C] () -- C:\Users\Master of Desaster\Desktop\Characterization of the programmed cell death induced.pdf
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/25 17:16:12 | 000,073,424 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/08/15 10:31:11 | 000,017,408 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\WebpageIcons.db
[2011/05/04 15:01:23 | 000,004,096 | -H-- | C] () -- C:\Users\Master of Desaster\AppData\Local\keyfile3.drm
[2011/04/07 09:26:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/03 11:18:54 | 000,000,081 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Roaming\clipcatcher.ini
[2011/04/01 11:37:15 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011/04/01 11:36:02 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/03/07 07:11:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 15:44:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV79.sys
[2011/01/24 20:12:00 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/11/16 09:22:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010/11/16 09:22:09 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010/11/10 21:53:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/10/11 17:51:35 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010/10/01 08:43:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/01 08:07:42 | 000,070,144 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/30 21:34:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/09/30 21:34:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/30 21:01:46 | 001,513,984 | ---- | C] () -- C:\Windows\System32\Mgxrdr80.dll
[2010/09/30 21:01:45 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2010/09/30 21:01:45 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2010/09/30 21:01:40 | 000,064,000 | ---- | C] () -- C:\Windows\System32\Ppiv30.dll
[2010/09/30 21:01:40 | 000,000,986 | ---- | C] () -- C:\Windows\Mgxclean.sys
[2010/09/30 21:01:40 | 000,000,100 | ---- | C] () -- C:\Windows\MGXCLEAN.DAT
[2010/09/30 20:06:39 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010/09/30 20:00:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/09/30 19:28:37 | 000,001,025 | ---- | C] () -- C:\Windows\System32\jqgkhtc.dll
[2010/09/30 19:28:37 | 000,000,204 | ---- | C] () -- C:\Windows\System32\nvxe6wa.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/09/30 19:28:36 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/09/30 19:28:36 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/09/30 19:28:36 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/09/30 19:28:36 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\mb6a5lr.dll
[2010/09/30 19:16:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/30 18:52:12 | 000,000,028 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010/09/30 16:20:37 | 000,000,680 | ---- | C] () -- C:\Users\Master of Desaster\AppData\Local\d3d9caps.dat
[2008/06/12 19:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/12 06:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/12 06:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/01/21 08:15:58 | 000,632,094 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 08:15:58 | 000,127,356 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,268,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,792 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,806 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/04 09:36:12 | 000,245,760 | R--- | C] () -- C:\Windows\System32\setupsup.dll
[2003/02/20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1996/03/21 23:32:26 | 000,162,304 | ---- | C] () -- C:\Windows\System32\DLWBC31.DLL
 
========== LOP Check ==========
 
[2011/01/15 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Atari
[2011/04/19 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\BOM
[2011/08/12 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Broken Sword 2.5
[2011/11/15 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Canneverbe Limited
[2010/09/30 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CheckPoint
[2011/05/04 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox
[2011/12/07 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DVDVideoSoft
[2011/12/08 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\FLV Extract
[2011/04/03 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\GetRightToGo
[2011/04/01 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MAGIX
[2012/01/17 20:42:55 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MySQL
[2011/04/03 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloader
[2011/04/03 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloaderHD
[2011/02/22 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Opera
[2011/03/15 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Scalabium
[2010/09/30 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\ScummVM
[2011/03/06 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Ubisoft
[2011/12/08 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\XMedia Recode
[2012/01/18 17:35:19 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/02/17 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Adobe
[2010/10/14 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Apple Computer
[2011/01/15 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Atari
[2011/04/19 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\BOM
[2011/08/12 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Broken Sword 2.5
[2011/11/15 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Canneverbe Limited
[2010/09/30 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CheckPoint
[2010/10/01 08:59:51 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\CyberLink
[2010/12/19 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DivX
[2011/05/04 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox
[2011/12/07 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\DVDVideoSoft
[2011/12/08 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\FLV Extract
[2011/04/03 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\GetRightToGo
[2010/09/30 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Identities
[2010/09/30 18:45:36 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Macromedia
[2011/04/01 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MAGIX
[2011/11/22 10:28:38 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Media Center Programs
[2011/03/15 20:28:09 | 000,000,000 | --SD | M] -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft
[2011/03/07 07:11:37 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Mozilla
[2012/01/17 20:42:55 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MySQL
[2011/04/03 10:29:25 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloader
[2011/04/03 10:29:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\MyVideoDownloaderHD
[2010/09/30 20:53:15 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Nero
[2011/10/26 19:40:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\NVIDIA
[2011/02/22 16:09:32 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Opera
[2011/12/09 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Real
[2011/03/15 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Scalabium
[2010/09/30 20:58:23 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\ScummVM
[2011/02/01 17:33:12 | 000,000,000 | RH-D | M] -- C:\Users\Master of Desaster\AppData\Roaming\SecuROM
[2011/11/23 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/06 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Ubisoft
[2011/08/05 09:07:54 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\vlc
[2011/12/19 12:54:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\Winamp
[2010/09/30 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\WinRAR
[2011/12/08 21:43:33 | 000,000,000 | ---D | M] -- C:\Users\Master of Desaster\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011/03/31 03:42:50 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011/03/31 03:42:54 | 000,155,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011/02/07 19:17:59 | 000,010,134 | R--- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\ARPPRODUCTICON.exe
[2011/02/07 19:17:59 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011/02/07 19:17:59 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011/11/28 12:04:37 | 000,010,134 | R--- | M] () -- C:\Users\Master of Desaster\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2011/10/20 18:41:33 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011/10/21 07:43:01 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011/10/21 07:36:48 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Master of Desaster\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/01/21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

[/code]

cosinus · 18.01.2012, 19:02

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/24 10:35:04 | 000,161,070 | R--- | M] () - E:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011/10/24 10:34:22 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,098,304 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,002,998 | R--- | M] () - F:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2002/09/27 18:26:44 | 000,000,051 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/10/24 10:35:04 | 000,378,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2002/09/27 18:26:44 | 000,098,304 | R--- | M] ()
:Files
C:\Users\Master of Desaster\Desktop\Backdoor*
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Heimdal82 · 18.01.2012, 20:11

Okay...beim Durchlauf gabs ein Problem. OTL ist abgestürzt und ich mußte den Rechner neu starten. Danach mußte ich erst mal wieder unseren Internetzugang neu konfigurieren, damit wir in der WG wieder ins Internet gehen können. Wobei das mit dem Internet in letzter Zeit öfters mal passiert...in dem Fall war halt genau, nachdem OTL den Geist aufgegeben hatte.
Nach dem Rechnerneustart war zudem der Ordner, in dem OTL und ein paar andere Programme und Logfiles gespeichert waren, die ich mir im Laufe der letzten Tage runtergeladen habe gelöscht.
Nach erneuten Runterladen von OTL konnte ich das Programm dann aber wieder wie gewohnt laufen lassen.

Hier die neue Logfile...

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File move failed. E:\autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRun.ico scheduled to be moved on reboot.
File move failed. F:\AutoRun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e039f04-cca5-11df-ae25-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e039f04-cca5-11df-ae25-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e039f04-cca5-11df-ae25-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e039f05-cca5-11df-ae25-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e039f05-cca5-11df-ae25-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e039f05-cca5-11df-ae25-806e6f6e6963}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
File\Folder C:\Users\Master of Desaster\Desktop\Backdoor* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Master of Desaster
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1971075 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5882407 bytes
->Opera cache emptied: 26780 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1259972400 bytes
 
Total Files Cleaned = 1,209.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01182012_200306

Files\Folders moved on Reboot...
File move failed. E:\autorun.ico scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRun.ico scheduled to be moved on reboot.
File move failed. F:\AutoRun.inf scheduled to be moved on reboot.
File move failed. E:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 18.01.2012, 20:23

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Heimdal82 · 18.01.2012, 20:48

Okay, habe den TDSS-Killer ausgeführt und er hat zwei Funde angezeigt...
Hier die Logfile...zumindest geh ich mal davon aus, das die Textfile unter "Report" die Logfile ist...

Code:

ATTFilter

20:42:41.0203 3916	TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
20:42:41.0484 3916	============================================================
20:42:41.0484 3916	Current date / time: 2012/01/18 20:42:41.0484
20:42:41.0484 3916	SystemInfo:
20:42:41.0484 3916	
20:42:41.0484 3916	OS Version: 6.0.6002 ServicePack: 2.0
20:42:41.0484 3916	Product type: Workstation
20:42:41.0484 3916	ComputerName: HORT-DES-CHAOS
20:42:41.0484 3916	UserName: Master of Desaster
20:42:41.0484 3916	Windows directory: C:\Windows
20:42:41.0484 3916	System windows directory: C:\Windows
20:42:41.0484 3916	Processor architecture: Intel x86
20:42:41.0484 3916	Number of processors: 4
20:42:41.0484 3916	Page size: 0x1000
20:42:41.0484 3916	Boot type: Normal boot
20:42:41.0484 3916	============================================================
20:42:42.0311 3916	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:42:42.0342 3916	Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:45.0571 3916	Initialize success
20:43:50.0920 1752	============================================================
20:43:50.0920 1752	Scan started
20:43:50.0920 1752	Mode: Manual; SigCheck; TDLFS; 
20:43:50.0920 1752	============================================================
20:43:51.0793 1752	a2acc           (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
20:43:51.0918 1752	a2acc - ok
20:43:51.0934 1752	A2DDA           (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
20:43:51.0949 1752	A2DDA - ok
20:43:51.0996 1752	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:43:52.0012 1752	ACPI - ok
20:43:52.0074 1752	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:43:52.0105 1752	adp94xx - ok
20:43:52.0121 1752	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:43:52.0136 1752	adpahci - ok
20:43:52.0152 1752	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:43:52.0168 1752	adpu160m - ok
20:43:52.0183 1752	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:43:52.0199 1752	adpu320 - ok
20:43:52.0230 1752	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:43:52.0277 1752	AFD - ok
20:43:52.0308 1752	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:43:52.0324 1752	agp440 - ok
20:43:52.0339 1752	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:43:52.0355 1752	aic78xx - ok
20:43:52.0370 1752	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:43:52.0386 1752	aliide - ok
20:43:52.0402 1752	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:43:52.0402 1752	amdagp - ok
20:43:52.0417 1752	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:43:52.0433 1752	amdide - ok
20:43:52.0448 1752	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:43:52.0480 1752	AmdK7 - ok
20:43:52.0495 1752	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:43:52.0526 1752	AmdK8 - ok
20:43:52.0573 1752	AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
20:43:52.0604 1752	AmdLLD - ok
20:43:52.0636 1752	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:43:52.0651 1752	arc - ok
20:43:52.0682 1752	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:43:52.0698 1752	arcsas - ok
20:43:52.0714 1752	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:52.0745 1752	AsyncMac - ok
20:43:52.0776 1752	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:43:52.0792 1752	atapi - ok
20:43:52.0838 1752	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
20:43:52.0854 1752	atksgt - ok
20:43:52.0885 1752	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:43:52.0932 1752	Beep - ok
20:43:52.0963 1752	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:43:52.0994 1752	blbdrive - ok
20:43:53.0026 1752	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:43:53.0057 1752	bowser - ok
20:43:53.0088 1752	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:43:53.0119 1752	BrFiltLo - ok
20:43:53.0119 1752	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:43:53.0182 1752	BrFiltUp - ok
20:43:53.0197 1752	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:43:53.0275 1752	Brserid - ok
20:43:53.0291 1752	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:43:53.0353 1752	BrSerWdm - ok
20:43:53.0369 1752	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:43:53.0416 1752	BrUsbMdm - ok
20:43:53.0447 1752	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:43:53.0494 1752	BrUsbSer - ok
20:43:53.0509 1752	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:43:53.0556 1752	BTHMODEM - ok
20:43:53.0587 1752	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:53.0603 1752	cdfs - ok
20:43:53.0634 1752	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:43:53.0665 1752	cdrom - ok
20:43:53.0696 1752	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:43:53.0712 1752	circlass - ok
20:43:53.0743 1752	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:43:53.0759 1752	CLFS - ok
20:43:53.0790 1752	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:43:53.0806 1752	cmdide - ok
20:43:53.0821 1752	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:43:53.0821 1752	Compbatt - ok
20:43:53.0837 1752	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:43:53.0852 1752	crcdisk - ok
20:43:53.0868 1752	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:43:53.0915 1752	Crusoe - ok
20:43:53.0930 1752	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:43:53.0962 1752	DfsC - ok
20:43:54.0008 1752	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:43:54.0024 1752	disk - ok
20:43:54.0071 1752	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:43:54.0118 1752	drmkaud - ok
20:43:54.0149 1752	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:43:54.0196 1752	DXGKrnl - ok
20:43:54.0227 1752	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:43:54.0274 1752	e1express - ok
20:43:54.0305 1752	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:43:54.0336 1752	E1G60 - ok
20:43:54.0398 1752	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:43:54.0414 1752	Ecache - ok
20:43:54.0445 1752	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:43:54.0461 1752	elxstor - ok
20:43:54.0492 1752	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:43:54.0523 1752	ErrDev - ok
20:43:54.0570 1752	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:43:54.0586 1752	exfat - ok
20:43:54.0617 1752	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:43:54.0648 1752	fastfat - ok
20:43:54.0664 1752	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:43:54.0710 1752	fdc - ok
20:43:54.0742 1752	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:43:54.0757 1752	FileInfo - ok
20:43:54.0757 1752	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:43:54.0788 1752	Filetrace - ok
20:43:54.0804 1752	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:43:54.0866 1752	flpydisk - ok
20:43:54.0898 1752	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:43:54.0913 1752	FltMgr - ok
20:43:54.0929 1752	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:43:54.0960 1752	Fs_Rec - ok
20:43:54.0976 1752	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:43:54.0991 1752	gagp30kx - ok
20:43:55.0007 1752	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:43:55.0007 1752	GEARAspiWDM - ok
20:43:55.0069 1752	gUSBSTOi - ok
20:43:55.0132 1752	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:43:55.0194 1752	HdAudAddService - ok
20:43:55.0225 1752	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:43:55.0288 1752	HDAudBus - ok
20:43:55.0319 1752	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:43:55.0366 1752	HidBth - ok
20:43:55.0397 1752	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:43:55.0459 1752	HidIr - ok
20:43:55.0490 1752	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:43:55.0522 1752	HidUsb - ok
20:43:55.0537 1752	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:43:55.0553 1752	HpCISSs - ok
20:43:55.0600 1752	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:43:55.0646 1752	HTTP - ok
20:43:55.0693 1752	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:43:55.0693 1752	i2omp - ok
20:43:55.0740 1752	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:43:55.0771 1752	i8042prt - ok
20:43:55.0787 1752	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:43:55.0818 1752	iaStorV - ok
20:43:55.0849 1752	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:43:55.0865 1752	iirsp - ok
20:43:55.0943 1752	IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
20:43:56.0052 1752	IntcAzAudAddService - ok
20:43:56.0083 1752	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:43:56.0099 1752	intelide - ok
20:43:56.0114 1752	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:43:56.0161 1752	intelppm - ok
20:43:56.0192 1752	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:43:56.0224 1752	IpFilterDriver - ok
20:43:56.0239 1752	IpInIp - ok
20:43:56.0270 1752	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:43:56.0302 1752	IPMIDRV - ok
20:43:56.0317 1752	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:43:56.0348 1752	IPNAT - ok
20:43:56.0364 1752	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:43:56.0411 1752	IRENUM - ok
20:43:56.0426 1752	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:43:56.0426 1752	isapnp - ok
20:43:56.0489 1752	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:43:56.0504 1752	iScsiPrt - ok
20:43:56.0551 1752	ISWKL - ok
20:43:56.0567 1752	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:43:56.0567 1752	iteatapi - ok
20:43:56.0598 1752	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:43:56.0614 1752	iteraid - ok
20:43:56.0614 1752	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:43:56.0629 1752	kbdclass - ok
20:43:56.0660 1752	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:43:56.0676 1752	kbdhid - ok
20:43:56.0707 1752	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:43:56.0738 1752	KSecDD - ok
20:43:56.0770 1752	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
20:43:56.0785 1752	lirsgt - ok
20:43:56.0801 1752	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:43:56.0816 1752	lltdio - ok
20:43:56.0848 1752	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:43:56.0863 1752	LSI_FC - ok
20:43:56.0879 1752	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:43:56.0879 1752	LSI_SAS - ok
20:43:56.0910 1752	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:43:56.0910 1752	LSI_SCSI - ok
20:43:56.0926 1752	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:43:56.0957 1752	luafv - ok
20:43:56.0988 1752	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:43:56.0988 1752	MBAMProtector - ok
20:43:57.0019 1752	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:43:57.0019 1752	megasas - ok
20:43:57.0066 1752	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:43:57.0082 1752	MegaSR - ok
20:43:57.0113 1752	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:43:57.0160 1752	Modem - ok
20:43:57.0175 1752	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:43:57.0222 1752	monitor - ok
20:43:57.0238 1752	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:43:57.0253 1752	mouclass - ok
20:43:57.0269 1752	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:43:57.0316 1752	mouhid - ok
20:43:57.0316 1752	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:43:57.0331 1752	MountMgr - ok
20:43:57.0362 1752	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:43:57.0378 1752	mpio - ok
20:43:57.0378 1752	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:43:57.0409 1752	mpsdrv - ok
20:43:57.0425 1752	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:43:57.0425 1752	Mraid35x - ok
20:43:57.0456 1752	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:43:57.0472 1752	MRxDAV - ok
20:43:57.0503 1752	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:43:57.0518 1752	mrxsmb - ok
20:43:57.0565 1752	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:43:57.0581 1752	mrxsmb10 - ok
20:43:57.0596 1752	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:43:57.0628 1752	mrxsmb20 - ok
20:43:57.0659 1752	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
20:43:57.0674 1752	msahci - ok
20:43:57.0690 1752	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:43:57.0706 1752	msdsm - ok
20:43:57.0737 1752	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:43:57.0768 1752	Msfs - ok
20:43:57.0784 1752	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:43:57.0799 1752	msisadrv - ok
20:43:57.0830 1752	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:43:57.0877 1752	MSKSSRV - ok
20:43:57.0893 1752	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:43:57.0924 1752	MSPCLOCK - ok
20:43:57.0940 1752	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:43:57.0971 1752	MSPQM - ok
20:43:58.0002 1752	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:43:58.0018 1752	MsRPC - ok
20:43:58.0064 1752	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:43:58.0080 1752	mssmbios - ok
20:43:58.0080 1752	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:43:58.0127 1752	MSTEE - ok
20:43:58.0127 1752	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:43:58.0142 1752	Mup - ok
20:43:58.0174 1752	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:43:58.0205 1752	NativeWifiP - ok
20:43:58.0236 1752	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:43:58.0283 1752	NDIS - ok
20:43:58.0314 1752	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:43:58.0361 1752	NdisTapi - ok
20:43:58.0376 1752	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:43:58.0408 1752	Ndisuio - ok
20:43:58.0423 1752	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:43:58.0454 1752	NdisWan - ok
20:43:58.0486 1752	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:43:58.0501 1752	NDProxy - ok
20:43:58.0532 1752	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:43:58.0564 1752	NetBIOS - ok
20:43:58.0595 1752	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:43:58.0626 1752	netbt - ok
20:43:58.0673 1752	netr28u         (df938648626332e830a9bd153110aa75) C:\Windows\system32\DRIVERS\netr28u.sys
20:43:58.0766 1752	netr28u - ok
20:43:58.0782 1752	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:43:58.0782 1752	nfrd960 - ok
20:43:58.0829 1752	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:43:58.0844 1752	Npfs - ok
20:43:58.0860 1752	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:43:58.0876 1752	nsiproxy - ok
20:43:58.0938 1752	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:43:58.0985 1752	Ntfs - ok
20:43:59.0000 1752	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:43:59.0047 1752	ntrigdigi - ok
20:43:59.0047 1752	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:43:59.0078 1752	Null - ok
20:43:59.0281 1752	nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:43:59.0671 1752	nvlddmkm - ok
20:43:59.0702 1752	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:43:59.0702 1752	nvraid - ok
20:43:59.0718 1752	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:43:59.0734 1752	nvstor - ok
20:43:59.0765 1752	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:43:59.0780 1752	nv_agp - ok
20:43:59.0780 1752	NwlnkFlt - ok
20:43:59.0796 1752	NwlnkFwd - ok
20:43:59.0827 1752	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:43:59.0858 1752	ohci1394 - ok
20:43:59.0890 1752	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:43:59.0952 1752	Parport - ok
20:43:59.0983 1752	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:43:59.0983 1752	partmgr - ok
20:43:59.0999 1752	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:44:00.0046 1752	Parvdm - ok
20:44:00.0061 1752	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:44:00.0077 1752	pci - ok
20:44:00.0092 1752	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:44:00.0108 1752	pciide - ok
20:44:00.0139 1752	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:44:00.0139 1752	pcmcia - ok
20:44:00.0186 1752	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:44:00.0248 1752	PEAUTH - ok
20:44:00.0311 1752	Ph3xIB32        (9f2f541c52cd7a452e235e885f7d95de) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
20:44:00.0373 1752	Ph3xIB32 - ok
20:44:00.0404 1752	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:44:00.0436 1752	PptpMiniport - ok
20:44:00.0451 1752	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:44:00.0482 1752	Processor - ok
20:44:00.0529 1752	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:44:00.0560 1752	PSched - ok
20:44:00.0607 1752	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:44:00.0685 1752	ql2300 - ok
20:44:00.0716 1752	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:44:00.0732 1752	ql40xx - ok
20:44:00.0748 1752	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:44:00.0779 1752	QWAVEdrv - ok
20:44:00.0794 1752	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:44:00.0857 1752	RasAcd - ok
20:44:00.0872 1752	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:44:00.0904 1752	Rasl2tp - ok
20:44:00.0919 1752	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:44:00.0966 1752	RasPppoe - ok
20:44:00.0966 1752	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:44:00.0982 1752	RasSstp - ok
20:44:01.0028 1752	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:44:01.0060 1752	rdbss - ok
20:44:01.0075 1752	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:44:01.0091 1752	RDPCDD - ok
20:44:01.0122 1752	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:44:01.0153 1752	rdpdr - ok
20:44:01.0169 1752	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:44:01.0200 1752	RDPENCDD - ok
20:44:01.0216 1752	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:44:01.0247 1752	RDPWD - ok
20:44:01.0278 1752	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:44:01.0309 1752	rspndr - ok
20:44:01.0325 1752	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:44:01.0340 1752	sbp2port - ok
20:44:01.0387 1752	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:44:01.0418 1752	secdrv - ok
20:44:01.0450 1752	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
20:44:01.0481 1752	Serenum - ok
20:44:01.0512 1752	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
20:44:01.0528 1752	Serial - ok
20:44:01.0543 1752	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:44:01.0559 1752	sermouse - ok
20:44:01.0606 1752	sfdrv01         (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
20:44:01.0606 1752	sfdrv01 - ok
20:44:01.0621 1752	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:44:01.0652 1752	sffdisk - ok
20:44:01.0652 1752	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:44:01.0684 1752	sffp_mmc - ok
20:44:01.0699 1752	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:44:01.0730 1752	sffp_sd - ok
20:44:01.0746 1752	sfhlp02         (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
20:44:01.0762 1752	sfhlp02 - ok
20:44:01.0777 1752	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:44:01.0808 1752	sfloppy - ok
20:44:01.0840 1752	sfsync04        (755c933969a81d119106097aa466715d) C:\Windows\system32\drivers\sfsync04.sys
20:44:01.0840 1752	sfsync04 - ok
20:44:01.0871 1752	sfvfs02         (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
20:44:01.0886 1752	sfvfs02 - ok
20:44:01.0902 1752	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:44:01.0902 1752	sisagp - ok
20:44:01.0918 1752	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:44:01.0933 1752	SiSRaid2 - ok
20:44:01.0949 1752	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:44:01.0964 1752	SiSRaid4 - ok
20:44:01.0996 1752	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:44:02.0027 1752	Smb - ok
20:44:02.0058 1752	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:44:02.0074 1752	spldr - ok
20:44:02.0105 1752	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:44:02.0136 1752	srv - ok
20:44:02.0167 1752	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:44:02.0183 1752	srv2 - ok
20:44:02.0198 1752	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:44:02.0214 1752	srvnet - ok
20:44:02.0245 1752	SSHDRV79        (b4710b65d78849dd7743b8998162c2fc) C:\Windows\system32\drivers\SSHDRV79.sys
20:44:02.0261 1752	SSHDRV79 ( UnsignedFile.Multi.Generic ) - warning
20:44:02.0261 1752	SSHDRV79 - detected UnsignedFile.Multi.Generic (1)
20:44:02.0308 1752	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:44:02.0323 1752	swenum - ok
20:44:02.0339 1752	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:44:02.0339 1752	Symc8xx - ok
20:44:02.0354 1752	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:44:02.0370 1752	Sym_hi - ok
20:44:02.0386 1752	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:44:02.0386 1752	Sym_u3 - ok
20:44:02.0432 1752	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
20:44:02.0495 1752	Tcpip - ok
20:44:02.0526 1752	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
20:44:02.0557 1752	Tcpip6 - ok
20:44:02.0588 1752	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
20:44:02.0604 1752	tcpipreg - ok
20:44:02.0620 1752	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:44:02.0666 1752	TDPIPE - ok
20:44:02.0682 1752	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:44:02.0713 1752	TDTCP - ok
20:44:02.0729 1752	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:44:02.0760 1752	tdx - ok
20:44:02.0807 1752	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:44:02.0822 1752	TermDD - ok
20:44:02.0854 1752	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:44:02.0885 1752	tssecsrv - ok
20:44:02.0916 1752	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:44:02.0947 1752	tunmp - ok
20:44:02.0963 1752	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
20:44:02.0994 1752	tunnel - ok
20:44:03.0010 1752	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:44:03.0025 1752	uagp35 - ok
20:44:03.0056 1752	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:44:03.0088 1752	udfs - ok
20:44:03.0119 1752	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:44:03.0119 1752	uliagpkx - ok
20:44:03.0150 1752	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:44:03.0166 1752	uliahci - ok
20:44:03.0181 1752	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:44:03.0181 1752	UlSata - ok
20:44:03.0212 1752	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:44:03.0212 1752	ulsata2 - ok
20:44:03.0244 1752	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:44:03.0259 1752	umbus - ok
20:44:03.0306 1752	USBAAPL         (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
20:44:03.0322 1752	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
20:44:03.0322 1752	USBAAPL - detected UnsignedFile.Multi.Generic (1)
20:44:03.0353 1752	usbccgp         (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
20:44:03.0415 1752	usbccgp - ok
20:44:03.0431 1752	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:44:03.0493 1752	usbcir - ok
20:44:03.0540 1752	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:44:03.0571 1752	usbehci - ok
20:44:03.0587 1752	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:44:03.0618 1752	usbhub - ok
20:44:03.0634 1752	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:44:03.0696 1752	usbohci - ok
20:44:03.0727 1752	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:44:03.0758 1752	usbprint - ok
20:44:03.0774 1752	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:44:03.0805 1752	USBSTOR - ok
20:44:03.0821 1752	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:44:03.0852 1752	usbuhci - ok
20:44:03.0868 1752	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:44:03.0914 1752	vga - ok
20:44:03.0930 1752	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:44:03.0977 1752	VgaSave - ok
20:44:03.0992 1752	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:44:04.0008 1752	viaagp - ok
20:44:04.0024 1752	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:44:04.0055 1752	ViaC7 - ok
20:44:04.0086 1752	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:44:04.0086 1752	viaide - ok
20:44:04.0117 1752	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:44:04.0117 1752	volmgr - ok
20:44:04.0164 1752	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:44:04.0180 1752	volmgrx - ok
20:44:04.0195 1752	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:44:04.0211 1752	volsnap - ok
20:44:04.0258 1752	vsdatant7 - ok
20:44:04.0273 1752	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:44:04.0289 1752	vsmraid - ok
20:44:04.0320 1752	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:44:04.0382 1752	WacomPen - ok
20:44:04.0414 1752	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:04.0429 1752	Wanarp - ok
20:44:04.0429 1752	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:04.0460 1752	Wanarpv6 - ok
20:44:04.0476 1752	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:44:04.0492 1752	Wd - ok
20:44:04.0507 1752	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:44:04.0523 1752	Wdf01000 - ok
20:44:04.0570 1752	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:44:04.0601 1752	WmiAcpi - ok
20:44:04.0632 1752	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:44:04.0648 1752	ws2ifsl - ok
20:44:04.0679 1752	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:44:04.0726 1752	WUDFRd - ok
20:44:04.0772 1752	XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
20:44:04.0772 1752	XUIF - ok
20:44:04.0788 1752	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:44:04.0913 1752	\Device\Harddisk0\DR0 - ok
20:44:04.0913 1752	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
20:44:05.0428 1752	\Device\Harddisk4\DR4 - ok
20:44:05.0428 1752	Boot (0x1200)   (cc427fc72a56e7772477a6f3e4536066) \Device\Harddisk0\DR0\Partition0
20:44:05.0428 1752	\Device\Harddisk0\DR0\Partition0 - ok
20:44:05.0459 1752	Boot (0x1200)   (81a38c70357ce24429ef89ff9b1942fd) \Device\Harddisk0\DR0\Partition1
20:44:05.0459 1752	\Device\Harddisk0\DR0\Partition1 - ok
20:44:05.0459 1752	Boot (0x1200)   (a85c00241115c722638634931c9de247) \Device\Harddisk4\DR4\Partition0
20:44:05.0459 1752	\Device\Harddisk4\DR4\Partition0 - ok
20:44:05.0459 1752	============================================================
20:44:05.0459 1752	Scan finished
20:44:05.0459 1752	============================================================
20:44:05.0474 2628	Detected object count: 2
20:44:05.0474 2628	Actual detected object count: 2
20:44:32.0915 2628	SSHDRV79 ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:32.0915 2628	SSHDRV79 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:44:32.0915 2628	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:32.0915 2628	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Unhide lasse ich gerade noch laufen...

cosinus · 18.01.2012, 20:54

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Heimdal82 · 18.01.2012, 21:21

Okay...Combofix hat eine Datei gelöscht...war zwar nicht die, warum ich den Thread aufgemacht hab, aber wenn ich damit einen Schädling weniger auf meinem Rechner habe, umso besser...
Hier die Logfile...

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-01-18.04 - Master of Desaster 18/01/2012  21:06:49.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1845 [GMT 1:00]
ausgeführt von:: c:\users\Master of Desaster\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\odbcad32.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XPROTECTOR
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-18 bis 2012-01-18  ))))))))))))))))))))))))))))))
.
.
2012-01-18 20:12 . 2012-01-18 20:12	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-01-18 20:12 . 2012-01-18 20:12	--------	d-----w-	c:\users\Master of Desaster\AppData\Local\temp
2012-01-18 20:12 . 2012-01-18 20:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-18 18:43 . 2012-01-18 18:43	--------	d-----w-	C:\_OTL
2012-01-16 20:12 . 2012-01-16 20:12	--------	d-----w-	c:\program files\ESET
2012-01-16 18:20 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-16 18:20 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-16 18:20 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-16 18:20 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-16 18:20 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-16 18:20 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-15 11:10 . 2012-01-18 16:40	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-01-11 07:18 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 07:18 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 07:18 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 07:18 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 07:18 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 07:18 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 07:17 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 07:17 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-12-23 09:14 . 2011-12-23 09:14	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 14:24 . 2011-11-22 09:28	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-08 14:48 . 2011-05-19 05:51	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-14 18:23	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 18:34 . 2010-11-10 20:53	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2011-11-08 14:42 . 2011-12-14 18:23	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 23:48	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 23:48	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 23:48	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 23:48	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 18:23	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 18:23	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 18:23	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-21 19:45 . 2010-09-30 18:09	499712	----a-w-	c:\windows\system32\msvcp71.dll
2011-10-21 19:45 . 2010-09-30 18:09	348160	----a-w-	c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Master of Desaster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Master of Desaster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Master of Desaster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Master of Desaster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Master of Desaster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Master of Desaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 11:24	624056	----a-w-	d:\programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07	1828136	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41	196608	----a-w-	c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 04:07	69632	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36	421736	----a-w-	d:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 20:55	54832	----a-w-	d:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 16:50	460872	----a-w-	d:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29	2221352	----a-w-	d:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2005-07-03 20:52	71080	----a-w-	d:\programme\PDFDrucker\PDFPrintBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 13:10	56928	------w-	d:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	d:\programme\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 06:35	1242448	----a-w-	d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-10-21 19:45	273528	----a-w-	d:\programme\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-10-26 18:48	74752	----a-w-	d:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-15 2998832]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Master of Desaster\AppData\Roaming\Mozilla\Firefox\Profiles\74ro8g6q.default\
FF - prefs.js: browser.search.defaulturl - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - d:\programme\SuperAntiSpyware\SASWINLO.DLL
AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1800057530-444976485-2819642141-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,80,fd,43,e4,a8,04,66,82,7c,08,a5,0b,0e,d8,0f,57,15,85,8e,2e,
   cc,dc,3d,22,b7,a8,5d,c2,e9,92,62,fd,1e,0f,7a,31,92,6c,60,10,f1,25,49,2b,eb,\
"rkeysecu"=hex:f2,eb,21,cd,d0,e4,bf,9b,b0,a3,a3,ca,d0,82,91,a1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0cc11f82-0764-4192-b637-7d8f8658e150}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0015af
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{4a0b0c51-e430-4c3b-ad1e-68655defd0f3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{67b2889b-25c6-488f-af1d-2891c3833cee}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8429ba10-518a-4778-ac94-966db9f88e55}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f002185
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f26686bf-c77e-429d-b7d0-ee7dd2182e7d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:18000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2968)
c:\users\Master of Desaster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RtHDVCpl.exe
d:\programme\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
d:\programme\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-18  21:18:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-18 20:17
.
Vor Suchlauf: 10 Verzeichnis(se), 50,853,306,368 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 50,307,866,624 Bytes frei
.
- - End Of File - - C2F1479AF803460C861ADD9ED744AFCC
         
 --- --- ---

Unhide hat den gelöschten Ordner auf dem Desktop übrigens nicht geunden. Keine Ahnung, was da schiefgelaufen ist...

cosinus · 18.01.2012, 21:50

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

18.01.2012, 17:15	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Backdoor.Win32.LolBot!IK - Trojaner oder nicht? Wir sind hier auch noch nicht fertig, ich hab nicht geschrieben dein Rechner ist nun ok. Wenn nun der andere Scanner auch weg ist machst du erneut einen OTL-CustomScan da sich das System signifikant verändert hat __________________ Logfiles bitte immer in CODE-Tags posten

Backdoor.Win32.LolBot!IK - Trojaner oder nicht?

Plagegeister aller Art und deren Bekämpfung: Backdoor.Win32.LolBot!IK - Trojaner oder nicht?