System Check Virus

france · 22.01.2012, 20:40

Hallo,
ich habe mir GoogleBilder angeschaut, heruntergeladen, dann öffneten sich 1000 Fenster und es wurde angezeigt, dass meine Hardware beschädigt ist.
Anschließend öffnete sich folgendes Fenster :
www.fixrogues.com/rogues/system-check-main.jpg

..habe dann Malwarebytes durchlaufen lassen etc., aber der virus ist trzd noch da...
kann mir da i-wer helfen... brauche DRINGEND eure Hilfe !!!!!!

Swisstreasure · 22.01.2012, 22:51

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

france · 23.01.2012, 13:43

logfile kommt später

france · 23.01.2012, 15:32

ich habe beim ersten scan OTL nicht als administrator ausgeführt (einfach geöffnet) und es kam die OTL.txt und Extra.txt Datei...
daraufhin habe ich den QuickScan nochmal durchgeführt (diesmal als administrator ausgeführt) und dann kam nur noch folgendes OTL.txt ...
Extra.txt erschien nicht mehr ...... :/

france · 23.01.2012, 15:34

gfile created on: 1/23/2012 2:03:47 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ASUS\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 55.34% Memory free
8.00 Gb Paging File | 6.14 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 22.51 Gb Free Space | 30.21% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.78 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 13:15:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/08 17:04:03 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsav32.exe
PRC - [2011/09/08 17:09:01 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fssm32.exe
PRC - [2011/09/08 17:09:01 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\FSGK32.EXE
PRC - [2011/07/25 19:33:11 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe
PRC - [2011/05/26 10:29:04 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/11/12 09:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/03 18:23:45 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/20 05:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 23:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE
PRC - [2009/08/05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE
PRC - [2009/08/05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSHDLL32.EXE
PRC - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe
PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/07/19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/25 20:52:49 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/12 09:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/09/03 19:33:14 | 000,054,400 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/08/05 16:59:02 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPC\fspcfsm.eng
MOD - [2009/08/05 16:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files (x86)\unitymedia\sicherheitspaket\hips\fshook32.dll
MOD - [2009/08/05 16:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\strres.eng
MOD - [2009/08/05 16:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\gres.dll
MOD - [2009/08/05 16:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\flyerres.eng
MOD - [2009/08/05 16:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\fsavures.eng
MOD - [2009/08/05 16:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\about.dll
MOD - [2009/08/05 16:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\aboutres.dll
MOD - [2008/08/28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/25 19:44:01 | 000,844,384 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/07/25 19:33:11 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/15 02:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/04 15:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/25 19:45:25 | 000,094,280 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2011/07/25 19:44:43 | 000,045,624 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/03 18:24:05 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 11:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/22 15:52:29 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/01 03:13:33 | 000,081,440 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011/09/08 17:09:44 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/08/05 16:58:30 | 000,057,920 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 16:56:12 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2011/12/08 19:55:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/10 19:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/25 19:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Extensions
[2011/07/25 20:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\wsbmrkfl.default\extensions
[2011/07/25 20:36:18 | 000,000,000 | ---D | M] (Messenger Plus Community Toolbar) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\wsbmrkfl.default\extensions\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}
[2011/11/13 22:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/08 19:55:48 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\UNITYMEDIA\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM
[2012/01/10 19:05:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/13 22:38:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/13 22:38:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/13 22:38:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/13 22:38:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/13 22:38:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/13 22:38:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{354B3813-646F-447D-960E-796DE655EB3E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 13:08:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BED4E703-9B87-4ED4-AD6B-8F361BD60221}
[2012/01/23 13:08:00 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{843E973A-5287-444A-8D26-8B5E11A42932}
[2012/01/22 20:18:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{F2461058-DF20-41DA-9C75-A09D6B3A5D2E}
[2012/01/22 20:18:45 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{FF5AFC47-B566-449C-B0D3-9AFC98F38657}
[2012/01/21 16:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/01/21 16:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/01/21 11:29:08 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{017FB543-A845-4FCA-AEFC-6831957E868D}
[2012/01/21 11:28:55 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{3E72FE68-5B4F-400F-9B22-816B4095463F}
[2012/01/21 00:54:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Malwarebytes
[2012/01/21 00:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 00:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/21 00:54:44 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/21 00:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/20 19:58:01 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/20 19:30:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\JB
[2012/01/20 18:15:39 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{43381B76-B988-4273-86CF-5CF6046426F3}
[2012/01/20 18:15:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{CDE7BC74-86A5-45C2-8CC1-5063C059D42B}
[2012/01/19 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{9C342F0B-5ECF-4CE6-98B5-4F0D9EEB840D}
[2012/01/19 15:37:34 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{7C9C0730-4888-420C-B94C-7386D47E0ECA}
[2012/01/18 17:45:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{7997ADFE-7C88-4337-A438-AC91F94AC6AE}
[2012/01/18 17:45:20 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{09D30F72-A67C-4111-886B-6014B8EB338B}
[2012/01/17 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{EB914222-5FB9-4091-B33F-1548FB0583A6}
[2012/01/16 17:19:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{7EFE931F-5D17-49C0-B3FC-D14BF29622D5}
[2012/01/16 17:19:14 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{E8861CF9-7838-49D7-8B10-38E2AB6A6BFE}
[2012/01/15 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{860D3B7E-C369-41FE-B1B2-EF0596B7D5D0}
[2012/01/15 12:25:26 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{D3B68DCD-DF07-42BD-801A-914AB9C92194}
[2012/01/14 13:50:26 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B6C1145B-DF9C-4031-B3D5-4DC8DA97017C}
[2012/01/14 13:50:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{3B4BF5E4-3549-473A-8DED-96B7BCBACD83}
[2012/01/13 17:38:05 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{F9A5AAFE-02C6-483F-A957-25231C5EE443}
[2012/01/13 17:37:52 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{5E60604D-70B1-4173-8F22-63E2E8176D5D}
[2012/01/12 13:21:20 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{4A83A613-B993-482B-AA43-1FAAC4BEF627}
[2012/01/12 13:21:06 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{713397BF-AD13-47F1-AF6E-FBF046FD6280}
[2012/01/11 19:18:33 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{4F100B30-4EC2-4149-92E8-3AE7EBA07962}
[2012/01/11 19:18:21 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{9A8E3154-6482-4141-9D69-97D6BDAB255A}
[2012/01/10 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{08C5120C-D8BD-4C2C-8231-B0873FD2D11C}
[2012/01/10 19:02:03 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{6BB9818E-B02D-4B1D-90FC-74E337EFDFBD}
[2012/01/09 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\Desktop\chrisso
[2012/01/09 13:45:24 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B8C199E2-7277-499A-A833-E568E5CF2238}
[2012/01/09 13:45:12 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{2AF730D8-F122-4AAF-8A87-24FBE997D355}
[2012/01/08 13:09:10 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{2AC2A720-2956-4CA0-96A4-86AFDB2DC15D}
[2012/01/08 13:08:57 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{EEA85730-38F9-4148-9595-FFC65E9FB455}
[2012/01/07 11:18:03 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{F6B92F0B-A053-4583-96F1-F706ED05F127}
[2012/01/07 11:17:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{6D1A7E93-FA9A-4CCA-99EB-32670C1A9FD0}
[2012/01/06 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{7EF18B32-D3A7-43A9-892F-510CF8ED346E}
[2012/01/06 19:40:52 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{360EE1C5-2F24-40DF-93A7-125418ECB81B}
[2012/01/05 13:44:16 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{8D2CD049-0CC8-4484-B796-1E1730E2CB5B}
[2012/01/05 13:44:03 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{9D36984F-3A19-461A-8B4B-ACF6AC81428C}
[2012/01/04 17:48:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{5919C2BB-4BF8-4B48-8371-AFFB47E498CD}
[2012/01/04 17:48:38 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{1F30509D-AA63-4F03-92B6-1533A936EE37}
[2012/01/04 15:28:36 | 000,016,640 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\gtkdrv.sys
[2012/01/03 17:12:54 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B1E57C6D-A3C4-4032-935A-5239CDB6B054}
[2012/01/03 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{DA8D44B2-79AC-4B59-8BC5-1AA07C5489C0}
[2012/01/02 14:27:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{F20ADE72-CC44-4F78-938E-E2E82A516C55}
[2012/01/02 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{42776E5C-E615-423C-87BA-A782A871AA16}
[2012/01/01 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{C71D7ED9-188E-4780-BF34-A453769E698D}
[2012/01/01 16:53:54 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{980FA710-2251-46CB-9BB9-5C9DE92EBC97}
[2012/01/01 14:10:12 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B2D0AE10-3C46-48EE-937C-39F9B5A05FCF}
[2011/12/31 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BA6E5C4A-251A-4162-9D56-D2A5F8DD3D85}
[2011/12/31 16:02:02 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{06C4C00D-5BDD-4C74-8D65-FAFBF2D83332}
[2011/12/31 01:29:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{87DE4881-957F-4B7B-B2E8-4DEBA1E7EA5E}
[2011/12/31 01:29:32 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{304B47E2-5510-4071-9B18-19175DA0282B}
[2011/12/30 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{32EC2E16-ABB7-4F0F-B7F9-B23ED66068CB}
[2011/12/30 13:28:44 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{B359C37B-4EC7-466A-BFE3-7DA5D7ED02A7}
[2011/12/29 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BFB365D5-FA25-4181-B9ED-05F6CF059393}
[2011/12/29 17:51:14 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{6AB9102B-2BA4-4A9F-842B-95EC93518506}
[2011/12/28 11:02:33 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{8D93E690-B169-4C64-BB81-3F078234A899}
[2011/12/28 11:02:18 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{BE447AF0-C153-46B6-9162-1C3FF36ADBA3}
[2011/12/27 15:24:19 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{798AA6F1-D2E6-4340-B924-B262719FF382}
[2011/12/27 15:24:02 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{3D1F3A7F-3896-40B4-9F64-FE247729C726}
[2011/12/26 17:53:39 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{F6C3BEA1-D497-4A30-80FF-C1C35E61A7A6}
[2011/12/26 17:52:58 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{3202ED75-46C3-408B-A804-1F5CCDA1B7F5}
[2011/12/25 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{A4F8307C-DE2F-4CF5-BFED-A7EFBF5C7536}
[2011/12/25 13:22:04 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{4851E85D-DB56-4BAE-9F48-B3B3F43A50DD}
[2011/12/24 14:58:04 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{C2567FFC-E4BC-448D-9971-6FE6D7903438}
[2011/12/24 14:57:51 | 000,000,000 | ---D | C] -- C:\Users\ASUS\AppData\Local\{DFC836B7-E810-4B2F-9F91-481E6DBD86E2}

========== Files - Modified Within 30 Days ==========

[2012/01/23 13:49:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 13:15:16 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 13:15:16 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 13:06:31 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 13:06:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 13:06:07 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 16:02:28 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/01/21 15:49:46 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/01/21 01:07:26 | 000,001,870 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/01/21 01:07:23 | 000,001,357 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/01/21 00:54:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/20 19:59:45 | 000,000,448 | ---- | M] () -- C:\ProgramData\UF9Ino0hgB9vTl
[2012/01/20 19:58:03 | 000,000,296 | ---- | M] () -- C:\ProgramData\~UF9Ino0hgB9vTl
[2012/01/20 19:58:03 | 000,000,176 | ---- | M] () -- C:\ProgramData\~UF9Ino0hgB9vTlr
[2012/01/20 19:52:47 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{F691DE43-1F2D-415D-827D-4E336F8F1658}
[2012/01/12 14:22:05 | 007,255,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 14:22:05 | 000,701,558 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/01/12 14:22:05 | 000,700,582 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/01/12 14:22:05 | 000,698,320 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/01/12 14:22:05 | 000,696,236 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/01/12 14:22:05 | 000,686,470 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/01/12 14:22:05 | 000,661,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/12 14:22:05 | 000,623,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 14:22:05 | 000,558,898 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/01/12 14:22:05 | 000,392,448 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012/01/12 14:22:05 | 000,360,650 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012/01/12 14:22:05 | 000,140,306 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/01/12 14:22:05 | 000,136,996 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/01/12 14:22:05 | 000,136,184 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/01/12 14:22:05 | 000,133,384 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/01/12 14:22:05 | 000,133,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/12 14:22:05 | 000,130,388 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/01/12 14:22:05 | 000,109,632 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012/01/12 14:22:05 | 000,109,632 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 14:22:05 | 000,092,680 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/01/12 14:22:05 | 000,072,338 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012/01/12 13:19:18 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{6CF09F70-3A05-46D6-9616-AE604FAEE1F2}
[2012/01/09 17:17:16 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{5F32FA2F-4189-4A75-97D2-BD9178DDB805}
[2012/01/07 11:37:16 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{21E56C28-DB31-4CB5-9A52-3ADC22C5ED1F}
[2012/01/04 15:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\gtkdrv.sys
[2012/01/01 16:51:39 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{AF4C507F-6B62-4B98-8C2A-EBE347798153}
[2011/12/30 19:07:33 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{BD539DBB-EEC3-45DA-833F-7193E6A0618F}

========== Files Created - No Company Name ==========

[2012/01/21 16:02:28 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/01/21 00:54:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/20 19:58:03 | 000,000,296 | ---- | C] () -- C:\ProgramData\~UF9Ino0hgB9vTl
[2012/01/20 19:58:03 | 000,000,176 | ---- | C] () -- C:\ProgramData\~UF9Ino0hgB9vTlr
[2012/01/20 19:57:56 | 000,000,448 | ---- | C] () -- C:\ProgramData\UF9Ino0hgB9vTl
[2012/01/20 19:52:47 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{F691DE43-1F2D-415D-827D-4E336F8F1658}
[2012/01/12 13:19:18 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{6CF09F70-3A05-46D6-9616-AE604FAEE1F2}
[2012/01/09 17:17:16 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{5F32FA2F-4189-4A75-97D2-BD9178DDB805}
[2012/01/07 11:37:16 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{21E56C28-DB31-4CB5-9A52-3ADC22C5ED1F}
[2012/01/01 16:51:39 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{AF4C507F-6B62-4B98-8C2A-EBE347798153}
[2011/12/30 19:07:33 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BD539DBB-EEC3-45DA-833F-7193E6A0618F}
[2011/12/23 17:23:56 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BD8804F7-99B2-4AF6-AA0D-FEE06B8C164D}
[2011/12/17 22:04:19 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{49E5EACE-F2ED-4D1C-B47E-6698B4139A31}
[2011/12/17 22:02:01 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{11E38B0B-13DC-4459-91B3-3BBADEB9D165}
[2011/12/16 15:04:36 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{0FA120E7-02C7-430D-8752-4A1FC01C2FCD}
[2011/12/12 15:09:12 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{EC1736FD-D43A-4151-BADE-DCF510877C49}
[2011/12/02 23:50:16 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{3D980779-1A82-4D47-BA84-7FB176810CE3}
[2011/12/02 18:37:06 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{086E8589-AD94-4407-BD65-508B236BBB88}
[2011/11/28 18:33:04 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{90988062-5DF9-4B2C-A424-199D183E46EE}
[2011/11/22 13:59:30 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{A112E674-D860-4D45-9616-A39164663AD6}
[2011/11/10 21:59:29 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{B8208BAD-38B8-4BBB-B60F-F0CC16E7411B}
[2011/11/10 13:32:40 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{D6F7CE4B-7C6C-409A-8950-98D6246215F9}
[2011/11/08 16:58:27 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{DDE33B00-6196-4B05-8880-EF986DE92259}
[2011/11/07 21:32:40 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{15297AB6-0CF9-41A7-BD93-0BAFE48240BE}
[2011/11/07 14:54:44 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{6398A055-F0B9-49C1-93FB-E00DB617C9AB}
[2011/11/07 14:52:52 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{C083C34D-598D-4E91-BFEF-1285E7339E21}
[2011/11/06 21:37:01 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{323CA58F-913D-42AA-815C-23FF03ADFC79}
[2011/11/06 17:55:33 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{8D612E4A-0350-439D-8644-562281FBF429}
[2011/11/06 15:00:32 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{6172ACD8-62F0-48D0-A043-5BE4E1383F3D}
[2011/11/06 12:00:31 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{3F869AC5-1E51-404C-8265-00E87E41A86B}
[2011/11/06 09:50:18 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{DBD3BB93-A9DE-4705-95CE-0ACD9F9E61A6}
[2011/11/05 10:36:16 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{98E0153E-4DDE-4E2E-8BCA-2E7860AF1760}
[2011/11/05 10:33:30 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{3533AD7C-1231-474A-9B60-D02BC979A743}
[2011/11/03 13:34:49 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{B91E0052-6D5F-4928-B69F-A582705B5E0E}
[2011/11/02 13:19:32 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{2FD9E696-DA04-4C37-9313-C29CE22AF056}
[2011/11/01 14:27:38 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{C2BBF2CE-4AFB-4C76-88CD-D39F201EEB5E}
[2011/10/31 15:38:56 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{A223F611-B3B5-454C-BFB2-D8F6F9CBE56E}
[2011/10/30 21:59:40 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{85424869-ED8E-469E-9C16-272B2477A0B2}
[2011/10/30 17:32:15 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{7FFED7E4-799F-4346-8AB2-E2603AA6F26E}
[2011/10/29 09:32:03 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{07AD5F58-A687-42CE-9CD2-A3AAFFFBB974}
[2011/10/27 15:34:59 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{EBFC0C98-C60C-4653-A32C-CEA7134B00C7}
[2011/10/26 20:49:29 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BD58CE61-D713-40B3-89EA-6323CD4AC6E9}
[2011/10/26 18:37:20 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{B05BB913-7634-48DE-9894-C84CAEB041AE}
[2011/10/26 16:24:00 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{B525D999-97EE-4111-8EFD-057BC586414B}
[2011/10/26 14:11:20 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{8D6515F1-689D-4B72-8E87-2383CEDAEB0F}
[2011/10/17 17:44:36 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{0A0B67C0-D10B-4095-89B4-ED0FA873B433}
[2011/10/17 11:57:41 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{BD6F930F-B1FC-4230-809E-C00533C2136B}
[2011/10/16 18:01:05 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{A81A0EF7-235F-4AAB-AF15-D7A09FE847A0}
[2011/10/16 15:48:41 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{209E773C-6F57-4640-8896-7A5E4F0963F4}
[2011/10/15 16:50:35 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{8F923D66-987F-488B-B255-F738AABF926E}
[2011/10/07 16:26:03 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{1CDC83BF-C3F9-472A-8D40-8806E2F45E5A}
[2011/09/22 20:34:42 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{05B1F66E-5E4A-401B-9591-C4B3687968F7}
[2011/09/21 17:23:19 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{7A1F24D1-DE7A-4C51-90F3-E1F3FD19CAA0}
[2011/09/18 19:01:38 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{E438CDE9-086F-496B-8DBB-17CD97A2D520}
[2011/09/18 16:59:25 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{62F05A51-EB1B-4FF2-BE5B-B22D8578E7BD}
[2011/09/17 13:38:49 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{1973D310-1C19-4A3A-A02D-1014B82D05F4}
[2011/09/11 15:37:22 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{3569A4C5-CDC8-43ED-A07A-1382ECB3ECB4}
[2011/09/10 23:18:17 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{90F8728A-AE21-4801-8C1E-884166EF0042}
[2011/09/02 18:06:36 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{5787E84C-B0AD-4178-8C0D-D8A2FB3C068E}
[2011/09/01 18:39:07 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{3CBC66F2-989F-4C41-8056-3439D2EE9EB4}
[2011/08/31 17:19:06 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{6A9B6463-93B4-4B1A-B630-1B27D404AB25}
[2011/08/29 16:40:04 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{B3C9B1E2-E8EB-487F-BC6E-ABD2219328A3}
[2011/08/28 14:39:07 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{C19952D8-A034-4840-997B-998E86A42A64}
[2011/08/14 18:23:34 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{FC4DE3DB-8E28-4CA0-9B98-8A9D15D9B18B}
[2011/08/10 17:55:51 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{0C491E92-E6ED-4BA0-85ED-B51D37F9499A}
[2011/08/06 19:32:39 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{F1B42A2D-A30B-4A35-B14F-22168A4BEF6F}
[2011/08/06 13:36:05 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{22FE46BC-CAD1-4806-8090-486386611D8A}
[2011/08/04 17:05:36 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{E65B5E5B-F80C-4774-9812-BE772D4FACE9}
[2011/08/04 14:26:51 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{4AC71B44-106F-4888-9623-AB65E766AA71}
[2011/08/03 18:51:42 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{A5372EFC-2C3E-448A-93D5-BFE2D6313462}
[2011/07/31 19:01:11 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{FB2FD5B1-396C-4393-943E-85C699A841EA}
[2011/07/27 17:16:32 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{6F7E006E-C1B2-425A-9FDD-A0DAAF614C91}
[2011/07/25 19:29:00 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/07/25 19:28:17 | 007,203,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/03 19:23:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/08/19 09:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 09:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 09:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/05 11:13:20 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Asus WebStorage
[2011/09/08 18:57:28 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\OpenOffice.org
[2011/12/05 19:56:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/06/15 12:11:59 | 000,000,054 | ---- | M] () -- C:\AdobeReader.log
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/29 07:03:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/11/03 19:29:17 | 000,012,902 | ---- | M] () -- C:\devlist.txt
[2009/11/03 19:29:17 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2012/01/23 13:06:07 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/14 08:56:55 | 000,000,018 | ---- | M] () -- C:\K61IC_K70IC_WIN7.10
[2009/09/11 14:10:53 | 001,048,576 | ---- | M] () -- C:\K70IC.BIN
[2009/07/02 08:17:15 | 000,000,037 | ---- | M] () -- C:\Nero.Log
[2009/06/12 02:32:00 | 000,000,057 | ---- | M] () -- C:\OFFICE2007_L.TXT
[2012/01/23 13:06:10 | 4294,201,344 | -HS- | M] () -- C:\pagefile.sys
[2009/11/03 04:47:30 | 000,000,146 | ---- | M] () -- C:\Pass.txt
[2009/09/23 06:07:14 | 000,003,923 | ---- | M] () -- C:\Patch.LOG
[2009/09/14 08:56:55 | 000,000,014 | ---- | M] () -- C:\RECOVERY.DAT
[2009/11/03 18:18:14 | 000,003,240 | ---- | M] () -- C:\RHDSetup.log
[2009/11/03 18:23:30 | 000,000,090 | ---- | M] () -- C:\setup.log
[2009/11/03 17:59:18 | 000,000,170 | ---- | M] () -- C:\SumHidd.txt
[2009/11/03 17:57:35 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
[2012/01/21 15:11:54 | 000,076,432 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_21.01.2012_15.09.20_log.txt
[2012/01/21 15:14:27 | 000,076,432 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_21.01.2012_15.11.59_log.txt
[2009/09/16 19:04:46 | 000,000,024 | ---- | M] () -- C:\v82.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\system32\ws2help.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Swisstreasure · 24.01.2012, 01:42

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
[2012/01/20 19:59:45 | 000,000,448 | ---- | M] () -- C:\ProgramData\UF9Ino0hgB9vTl
[2012/01/20 19:58:03 | 000,000,296 | ---- | M] () -- C:\ProgramData\~UF9Ino0hgB9vTl
[2012/01/20 19:58:03 | 000,000,176 | ---- | M] () -- C:\ProgramData\~UF9Ino0hgB9vTlr
[2012/01/20 19:52:47 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\AppData\Local\{F691DE43-1F2D-415D-827D-4E336F8F1658}
[2012/01/20 19:58:03 | 000,000,296 | ---- | C] () -- C:\ProgramData\~UF9Ino0hgB9vTl
[2012/01/20 19:58:03 | 000,000,176 | ---- | C] () -- C:\ProgramData\~UF9Ino0hgB9vTlr
[2012/01/20 19:57:56 | 000,000,448 | ---- | C] () -- C:\ProgramData\UF9Ino0hgB9vTl
[2012/01/20 19:52:47 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\AppData\Local\{F691DE43-1F2D-415D-827D-4E336F8F1658}
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

france · 24.01.2012, 15:39

OTL- textdatei:

All processes killed
========== OTL ==========
C:\ProgramData\UF9Ino0hgB9vTl moved successfully.
C:\ProgramData\~UF9Ino0hgB9vTl moved successfully.
C:\ProgramData\~UF9Ino0hgB9vTlr moved successfully.
C:\Users\ASUS\AppData\Local\{F691DE43-1F2D-415D-827D-4E336F8F1658} moved successfully.
File C:\ProgramData\~UF9Ino0hgB9vTl not found.
File C:\ProgramData\~UF9Ino0hgB9vTlr not found.
File C:\ProgramData\UF9Ino0hgB9vTl not found.
File C:\Users\ASUS\AppData\Local\{F691DE43-1F2D-415D-827D-4E336F8F1658} not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ASUS
->Temp folder emptied: 170467834 bytes
->Temporary Internet Files folder emptied: 82381096 bytes
->Java cache emptied: 3262285 bytes
->FireFox cache emptied: 46573545 bytes
->Google Chrome cache emptied: 50891896 bytes
->Flash cache emptied: 163080 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1183950785 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 50544873 bytes

Total Files Cleaned = 1,515.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01242012_152814

Files\Folders moved on Reboot...
C:\Users\ASUS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

france · 24.01.2012, 17:34

gmer logfile konnte aber nur Services, Registry und Files. anklicken

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-24 17:25:21
Windows 6.1.7600  
Running: wqcl6rqo.exe


---- Files - GMER 1.0.15 ----

File  C:\ADSM_PData_0150               0 bytes
File  C:\ADSM_PData_0150\DB            0 bytes
File  C:\ADSM_PData_0150\DB\SI.db      624 bytes
File  C:\ADSM_PData_0150\DB\UL.db      16 bytes
File  C:\ADSM_PData_0150\DB\VL.db      16 bytes
File  C:\ADSM_PData_0150\DB\WAL.db     2048 bytes
File  C:\ADSM_PData_0150\DragWait.exe  315392 bytes executable
File  C:\ADSM_PData_0150\_avt          512 bytes

---- EOF - GMER 1.0.15 ----

Swisstreasure · 24.01.2012, 17:51

Schon eine Besserung?

france · 25.01.2012, 14:23

also ich habe alle Schritte, die Sie mir angeordnet haben, durchgeführt und jetzt scheint alles wieder normal zu sein. Ist jetzt der Virus weg bzw der ganze Laptop wieder in Ordnung?

Swisstreasure · 25.01.2012, 22:00

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

24.01.2012, 17:51	#9
Swisstreasure /// Malwareteam	System Check Virus Schon eine Besserung?

System Check Virus

Log-Analyse und Auswertung: System Check Virus