Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.02.2012, 13:23   #1
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Hallo liebe Mitglieder des Trojaner-Boards!

Wie vielen Personen in jüngster Vergangenheit erging es vor ein paar Minuten auch mir so, dass mich der bekannte "50€-Virus" befiel und nach dem Systemstart mein System unbrauchbar machte.

Hektisch und etwas ratlos erkundigte ich mich hier und benutzte OTL, um der Lage Herr zu werden.
In meiner Hektik achtete ich jedoch nicht darauf, dass die Kommando-Parameter im OTL für jeden User spezifisch und individuell erstellt wurden, und nahm einen der vorgefertigten Befehle.
Nachdem ich anhand dessen OTL seinen Dienst verrichten ließ (von einem anderen Konto aus), und mein System erneut startete, scheint das Problem nun behoben zu sein.
Da ich mir nun nicht sicher bin, wie es um mein System steht, befinden sich im Anhang noch ein paar Logs (OTL, Hijackthis). Falls erwünscht, können andersweitige Logs noch nachgereicht werden.

Mit freundlichen Grüßen
Dennis

Alt 09.02.2012, 16:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Bitte KEINE HijackThis Log mehr posten!

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 10.02.2012, 12:46   #3
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



MBAM: (Es existieren keine älteren Scans)

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dennis :: DENNIS-PC [Administrator]

10.02.2012 09:15:44
mbam-log-2012-02-10 (09-15-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 558292
Laufzeit: 1 Stunde(n), 38 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ad4fc2456799d4bb809c2f9f21158a0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 11:43:48
# local_time=2012-02-10 12:43:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 88340 65409665 79943 0
# compatibility_mode=5893 16776573 100 94 14444 80502694 0 0
# compatibility_mode=8192 67108863 100 0 3691 3691 0 0
# scanned=21459
# found=0
# cleaned=0
# scan_time=1384
         
__________________

Geändert von ch0ka (10.02.2012 um 13:30 Uhr)

Alt 10.02.2012, 14:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.02.2012, 14:48   #5
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.02.2012 14:33:31 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,65% Memory free
7,99 Gb Paging File | 6,19 Gb Available in Paging File | 77,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 16,91 Gb Free Space | 28,86% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 16,71 Gb Free Space | 17,11% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 28,21 Gb Free Space | 28,89% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 0,12 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
Drive H: | 101,10 Gb Total Space | 25,63 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.09 12:58:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWTray.exe
PRC - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.20 04:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- H:\PowerDVD\PowerDVD11\PDVD11Serv.exe
PRC - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.26 17:16:22 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011.09.26 17:16:16 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- E:\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.25 13:18:19 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.29 13:57:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 13:57:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.08 12:06:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011.01.11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010.12.25 20:11:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.12.25 16:16:09 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.16 16:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.08.22 22:18:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- E:\AdAware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011.04.20 04:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 10:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/09 09:44:33] [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.01.11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- E:\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\DivXWebPlayer\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: E:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.25 16:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M]
 
[2010.12.24 19:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.01.26 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions
[2011.03.16 23:36:45 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011.12.24 15:56:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.26 09:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.10.21 13:02:03 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] E:\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl11] H:\PowerDVD\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32EBF9C2-18F3-4502-8B1D-5DC6412F6EDE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A2E9BA4-4171-4983-B472-E525B029C54D}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435C03AB-BF0C-4DFB-9C9D-C282B4ED729A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C19A40CF-B54E-41CD-808E-C2E68611E58C}: DhcpNameServer = 10.44.37.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - E:\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.09 13:43:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.02.09 13:41:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.02.09 09:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012.02.08 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012.02.08 16:35:29 | 000,015,672 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys
[2012.02.07 15:32:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaShow
[2012.02.07 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\CyberLink
[2012.02.07 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012.02.07 15:27:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaServer
[2012.02.07 15:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012.02.07 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CyberLink
[2012.02.07 15:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.02.07 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2012.02.07 15:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012.02.02 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Data
[2012.01.30 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.01.29 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira
[2012.01.29 11:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
[2012.01.29 11:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012.01.26 13:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FullTiltPoker
[2012.01.26 13:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMI PHARMINDEX
[2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
[2012.01.19 19:14:13 | 000,000,000 | ---D | C] -- C:\med7net
[2012.01.16 15:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2012.01.16 15:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyboardTest
[2012.01.12 11:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.08.13 21:33:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dennis\AppData\Roaming\pcouffin.sys
[2010.10.25 13:11:10 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 14:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 09:22:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 09:13:23 | 001,501,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.10 09:13:23 | 000,653,986 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.10 09:13:23 | 000,615,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.10 09:13:23 | 000,131,652 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.10 09:13:23 | 000,107,642 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.10 09:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 09:07:17 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.09 14:20:59 | 000,299,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.08 16:36:05 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr
[2012.02.07 16:42:24 | 000,006,144 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.07 12:22:36 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.02.07 12:22:36 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.01.30 09:33:30 | 000,001,494 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.15 16:25:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
 
========== Files Created - No Company Name ==========
 
[2012.02.08 16:35:58 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr
[2011.12.20 20:50:18 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2011.09.04 16:36:28 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.09.04 16:36:28 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.22 21:05:21 | 000,000,008 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe
[2011.08.13 21:33:20 | 000,099,384 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\inst.exe
[2011.08.13 21:33:20 | 000,007,859 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.cat
[2011.08.13 21:33:20 | 000,001,167 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.inf
[2011.06.06 19:43:06 | 000,000,343 | ---- | C] () -- C:\Windows\ATB_Prec.Ini
[2011.04.14 11:27:50 | 000,006,144 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 11:26:09 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.02.23 13:12:57 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2011.02.16 20:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 15:07:04 | 000,001,057 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml
[2011.01.29 20:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliardsDemo.INI
[2011.01.14 11:04:40 | 001,528,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.05 14:21:21 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2011.01.03 01:10:37 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.03 01:10:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.01.03 01:10:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.24 23:39:49 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.24 19:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.25 13:11:10 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.25 13:11:10 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.10.25 13:11:10 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.25 13:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.07.14 15:22:22 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005.07.14 15:22:21 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
 
========== LOP Check ==========
 
[2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari
[2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC
[2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software
[2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
[2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize
[2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client
[2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject
[2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3
[2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca
[2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX
[2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP
[2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt
[2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso
[2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net
[2011.05.26 21:21:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.01 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AccurateRip
[2011.10.19 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari
[2010.12.24 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ATI
[2012.01.29 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira
[2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2012.02.07 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2012.02.04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC
[2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software
[2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
[2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize
[2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2010.12.24 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2010.12.24 18:48:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2011.08.22 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2012.01.19 19:13:50 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2010.12.24 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2012.01.29 11:24:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
[2011.12.03 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nero
[2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2011.01.03 01:34:23 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM
[2012.01.12 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Skype
[2012.01.12 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM
[2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client
[2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject
[2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3
[2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca
[2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX
[2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP
[2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt
[2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.08.14 13:13:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso
[2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net
[2011.01.28 13:27:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Winamp
[2010.12.25 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.08.13 21:33:20 | 000,099,384 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\inst.exe
[2011.08.22 21:05:21 | 000,000,008 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe
[2011.08.22 21:12:43 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.01.30 18:33:15 | 005,185,536 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
[2012.01.30 18:33:15 | 000,028,672 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
[2010.12.27 08:24:04 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.05.19 10:06:56 | 000,374,160 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
[2011.05.16 12:31:42 | 000,070,984 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956

< End of report >
         
--- --- ---


Alt 10.02.2012, 16:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956
:Files
C:\Users\Dennis\AppData\Roaming\*.exe
C:\Users\Dennis\AppData\Roaming\Babylon
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"

Alt 12.02.2012, 10:48   #7
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Hier die OTL-Logfile nach dem Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
E:\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
ADS C:\ProgramData\Temp:BC359956 deleted successfully.
========== FILES ==========
C:\Users\Dennis\AppData\Roaming\inst.exe moved successfully.
C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe moved successfully.
C:\Users\Dennis\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: cHk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1660502 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis
->Temp folder emptied: 17678844 bytes
->Temporary Internet Files folder emptied: 3921171 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 644459455 bytes
->Flash cache emptied: 4327 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256377 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 637,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_103717

Files\Folders moved on Reboot...
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dennis\AppData\Local\Temp\~PI46E4.tmp moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 12.02.2012, 14:43   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 16:53   #9
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Code:
ATTFilter
16:53:08.0824 1160	TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
16:53:08.0906 1160	============================================================
16:53:08.0906 1160	Current date / time: 2012/02/12 16:53:08.0906
16:53:08.0906 1160	SystemInfo:
16:53:08.0907 1160	
16:53:08.0907 1160	OS Version: 6.1.7601 ServicePack: 1.0
16:53:08.0907 1160	Product type: Workstation
16:53:08.0907 1160	ComputerName: DENNIS-PC
16:53:08.0907 1160	UserName: Dennis
16:53:08.0907 1160	Windows directory: C:\Windows
16:53:08.0907 1160	System windows directory: C:\Windows
16:53:08.0907 1160	Running under WOW64
16:53:08.0907 1160	Processor architecture: Intel x64
16:53:08.0907 1160	Number of processors: 2
16:53:08.0907 1160	Page size: 0x1000
16:53:08.0907 1160	Boot type: Normal boot
16:53:08.0907 1160	============================================================
16:53:10.0110 1160	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:53:10.0115 1160	\Device\Harddisk0\DR0:
16:53:10.0115 1160	MBR used
16:53:10.0115 1160	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
16:53:10.0115 1160	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x7530000
16:53:10.0136 1160	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8F63000, BlocksNum 0xC350000
16:53:10.0155 1160	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x152B3800, BlocksNum 0xC350000
16:53:10.0176 1160	\Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21604000, BlocksNum 0xC350000
16:53:10.0194 1160	\Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2D954800, BlocksNum 0xCA31000
16:53:10.0425 1160	Initialize success
16:53:10.0425 1160	============================================================
16:53:14.0221 1972	============================================================
16:53:14.0221 1972	Scan started
16:53:14.0221 1972	Mode: Manual; SigCheck; TDLFS; 
16:53:14.0221 1972	============================================================
16:53:15.0662 1972	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:53:15.0719 1972	1394ohci - ok
16:53:15.0777 1972	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:53:15.0793 1972	ACPI - ok
16:53:15.0857 1972	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:53:15.0873 1972	AcpiPmi - ok
16:53:16.0054 1972	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:53:16.0072 1972	adp94xx - ok
16:53:16.0132 1972	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:53:16.0147 1972	adpahci - ok
16:53:16.0272 1972	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:53:16.0284 1972	adpu320 - ok
16:53:16.0417 1972	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:53:16.0436 1972	AFD - ok
16:53:16.0549 1972	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:53:16.0560 1972	agp440 - ok
16:53:16.0663 1972	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:53:16.0677 1972	aliide - ok
16:53:16.0816 1972	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:53:16.0825 1972	amdide - ok
16:53:16.0877 1972	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:53:16.0915 1972	amdiox64 - ok
16:53:17.0027 1972	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:53:17.0041 1972	AmdK8 - ok
16:53:17.0313 1972	amdkmdag        (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:17.0481 1972	amdkmdag - ok
16:53:17.0576 1972	amdkmdap        (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:53:17.0616 1972	amdkmdap - ok
16:53:17.0694 1972	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:53:17.0708 1972	AmdPPM - ok
16:53:17.0765 1972	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:53:17.0776 1972	amdsata - ok
16:53:17.0828 1972	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:53:17.0845 1972	amdsbs - ok
16:53:17.0926 1972	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:53:17.0936 1972	amdxata - ok
16:53:18.0054 1972	AODDriver4.01   (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:53:18.0064 1972	AODDriver4.01 - ok
16:53:18.0175 1972	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:53:18.0211 1972	AppID - ok
16:53:18.0326 1972	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:53:18.0337 1972	arc - ok
16:53:18.0384 1972	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:53:18.0395 1972	arcsas - ok
16:53:18.0515 1972	ArcSec          (36661a0497d8ed2d07b82524df932ea3) C:\Windows\system32\drivers\ArcSec.sys
16:53:18.0528 1972	ArcSec - ok
16:53:18.0631 1972	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:18.0674 1972	AsyncMac - ok
16:53:18.0705 1972	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:53:18.0716 1972	atapi - ok
16:53:18.0851 1972	athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
16:53:18.0900 1972	athr - ok
16:53:19.0034 1972	AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
16:53:19.0044 1972	AtiHDAudioService - ok
16:53:19.0098 1972	AtiPcie         (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:53:19.0106 1972	AtiPcie - ok
16:53:19.0174 1972	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
16:53:19.0183 1972	avgntflt - ok
16:53:19.0219 1972	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
16:53:19.0229 1972	avipbb - ok
16:53:19.0317 1972	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:53:19.0336 1972	b06bdrv - ok
16:53:19.0389 1972	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:53:19.0405 1972	b57nd60a - ok
16:53:19.0511 1972	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:53:19.0549 1972	Beep - ok
16:53:19.0604 1972	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:19.0618 1972	blbdrive - ok
16:53:19.0664 1972	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:53:19.0677 1972	bowser - ok
16:53:19.0753 1972	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:19.0769 1972	BrFiltLo - ok
16:53:19.0921 1972	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:19.0937 1972	BrFiltUp - ok
16:53:20.0099 1972	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:53:20.0116 1972	Brserid - ok
16:53:20.0154 1972	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:20.0170 1972	BrSerWdm - ok
16:53:20.0249 1972	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:20.0268 1972	BrUsbMdm - ok
16:53:20.0280 1972	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:53:20.0294 1972	BrUsbSer - ok
16:53:20.0384 1972	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:20.0401 1972	BTHMODEM - ok
16:53:20.0512 1972	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:20.0551 1972	cdfs - ok
16:53:20.0657 1972	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:53:20.0672 1972	cdrom - ok
16:53:20.0726 1972	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:53:20.0742 1972	circlass - ok
16:53:20.0786 1972	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:53:20.0803 1972	CLFS - ok
16:53:20.0960 1972	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:20.0973 1972	CmBatt - ok
16:53:21.0001 1972	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:53:21.0011 1972	cmdide - ok
16:53:21.0097 1972	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:53:21.0120 1972	CNG - ok
16:53:21.0164 1972	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:21.0173 1972	Compbatt - ok
16:53:21.0209 1972	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:53:21.0234 1972	CompositeBus - ok
16:53:21.0344 1972	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:21.0354 1972	crcdisk - ok
16:53:21.0504 1972	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:53:21.0544 1972	DfsC - ok
16:53:21.0597 1972	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:53:21.0637 1972	discache - ok
16:53:21.0666 1972	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:53:21.0680 1972	Disk - ok
16:53:21.0813 1972	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:53:21.0828 1972	drmkaud - ok
16:53:21.0926 1972	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:21.0951 1972	DXGKrnl - ok
16:53:22.0066 1972	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:53:22.0116 1972	ebdrv - ok
16:53:22.0211 1972	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:53:22.0229 1972	elxstor - ok
16:53:22.0283 1972	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:53:22.0296 1972	ErrDev - ok
16:53:22.0379 1972	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:53:22.0419 1972	exfat - ok
16:53:22.0439 1972	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:53:22.0483 1972	fastfat - ok
16:53:22.0563 1972	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:53:22.0576 1972	fdc - ok
16:53:22.0606 1972	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:53:22.0618 1972	FileInfo - ok
16:53:22.0628 1972	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:53:22.0666 1972	Filetrace - ok
16:53:22.0752 1972	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:22.0768 1972	flpydisk - ok
16:53:22.0825 1972	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:53:22.0839 1972	FltMgr - ok
16:53:22.0876 1972	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:53:22.0886 1972	FsDepends - ok
16:53:22.0897 1972	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:22.0907 1972	Fs_Rec - ok
16:53:22.0965 1972	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:53:22.0981 1972	fvevol - ok
16:53:23.0010 1972	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:23.0021 1972	gagp30kx - ok
16:53:23.0146 1972	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:53:23.0163 1972	hcw85cir - ok
16:53:23.0219 1972	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:53:23.0238 1972	HdAudAddService - ok
16:53:23.0329 1972	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:53:23.0346 1972	HDAudBus - ok
16:53:23.0385 1972	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:23.0400 1972	HidBatt - ok
16:53:23.0419 1972	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:23.0437 1972	HidBth - ok
16:53:23.0458 1972	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:53:23.0476 1972	HidIr - ok
16:53:23.0578 1972	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:53:23.0592 1972	HidUsb - ok
16:53:23.0649 1972	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:53:23.0660 1972	HpSAMD - ok
16:53:23.0754 1972	HTCAND64        (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:53:23.0767 1972	HTCAND64 - ok
16:53:23.0815 1972	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:53:23.0862 1972	HTTP - ok
16:53:23.0891 1972	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:53:23.0901 1972	hwpolicy - ok
16:53:23.0970 1972	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:53:23.0984 1972	i8042prt - ok
16:53:24.0049 1972	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:53:24.0065 1972	iaStorV - ok
16:53:24.0188 1972	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:53:24.0199 1972	iirsp - ok
16:53:24.0295 1972	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
16:53:24.0345 1972	IntcAzAudAddService - ok
16:53:24.0376 1972	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:53:24.0386 1972	intelide - ok
16:53:24.0472 1972	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:24.0486 1972	intelppm - ok
16:53:24.0541 1972	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:24.0579 1972	IpFilterDriver - ok
16:53:24.0618 1972	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:53:24.0632 1972	IPMIDRV - ok
16:53:24.0673 1972	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:53:24.0716 1972	IPNAT - ok
16:53:24.0776 1972	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:53:24.0796 1972	IRENUM - ok
16:53:24.0841 1972	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:53:24.0851 1972	isapnp - ok
16:53:24.0903 1972	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:53:24.0917 1972	iScsiPrt - ok
16:53:24.0980 1972	k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:53:24.0994 1972	k57nd60a - ok
16:53:25.0060 1972	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:53:25.0070 1972	kbdclass - ok
16:53:25.0189 1972	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:53:25.0203 1972	kbdhid - ok
16:53:25.0241 1972	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:53:25.0252 1972	KSecDD - ok
16:53:25.0298 1972	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:53:25.0310 1972	KSecPkg - ok
16:53:25.0388 1972	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:53:25.0429 1972	ksthunk - ok
16:53:25.0542 1972	Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) E:\AdAware\KernExplorer64.sys
16:53:25.0551 1972	Lavasoft Kernexplorer - ok
16:53:25.0686 1972	Lbd             (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:53:25.0695 1972	Lbd - ok
16:53:25.0763 1972	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:25.0804 1972	lltdio - ok
16:53:25.0900 1972	LMIInfo         (0317335b15ff3bda8e10197e3434cfc0) E:\LogMeIn\x64\RaInfo.sys
16:53:25.0908 1972	LMIInfo - ok
16:53:26.0012 1972	lmimirr         (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
16:53:26.0021 1972	lmimirr - ok
16:53:26.0085 1972	LMIRfsClientNP - ok
16:53:26.0140 1972	LMIRfsDriver    (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:53:26.0149 1972	LMIRfsDriver - ok
16:53:26.0253 1972	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:26.0265 1972	LSI_FC - ok
16:53:26.0295 1972	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:26.0306 1972	LSI_SAS - ok
16:53:26.0334 1972	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:26.0344 1972	LSI_SAS2 - ok
16:53:26.0369 1972	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:26.0381 1972	LSI_SCSI - ok
16:53:26.0480 1972	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:53:26.0521 1972	luafv - ok
16:53:26.0568 1972	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:53:26.0580 1972	megasas - ok
16:53:26.0601 1972	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:26.0616 1972	MegaSR - ok
16:53:26.0647 1972	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:53:26.0688 1972	Modem - ok
16:53:26.0724 1972	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:53:26.0740 1972	monitor - ok
16:53:26.0786 1972	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:53:26.0796 1972	mouclass - ok
16:53:26.0845 1972	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:53:26.0858 1972	mouhid - ok
16:53:26.0918 1972	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:53:26.0929 1972	mountmgr - ok
16:53:26.0985 1972	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:53:26.0997 1972	mpio - ok
16:53:27.0022 1972	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:53:27.0063 1972	mpsdrv - ok
16:53:27.0128 1972	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:53:27.0148 1972	MRxDAV - ok
16:53:27.0185 1972	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:27.0200 1972	mrxsmb - ok
16:53:27.0236 1972	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:27.0251 1972	mrxsmb10 - ok
16:53:27.0281 1972	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:27.0295 1972	mrxsmb20 - ok
16:53:27.0337 1972	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:53:27.0347 1972	msahci - ok
16:53:27.0384 1972	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:53:27.0396 1972	msdsm - ok
16:53:27.0492 1972	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:53:27.0530 1972	Msfs - ok
16:53:27.0542 1972	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:53:27.0579 1972	mshidkmdf - ok
16:53:27.0608 1972	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:53:27.0618 1972	msisadrv - ok
16:53:27.0722 1972	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:27.0760 1972	MSKSSRV - ok
16:53:27.0793 1972	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:27.0830 1972	MSPCLOCK - ok
16:53:27.0884 1972	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:53:27.0923 1972	MSPQM - ok
16:53:27.0978 1972	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:53:27.0993 1972	MsRPC - ok
16:53:28.0029 1972	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:53:28.0041 1972	mssmbios - ok
16:53:28.0129 1972	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:53:28.0166 1972	MSTEE - ok
16:53:28.0180 1972	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:28.0194 1972	MTConfig - ok
16:53:28.0224 1972	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:53:28.0234 1972	Mup - ok
16:53:28.0296 1972	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:28.0317 1972	NativeWifiP - ok
16:53:28.0398 1972	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:53:28.0423 1972	NDIS - ok
16:53:28.0464 1972	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:28.0502 1972	NdisCap - ok
16:53:28.0587 1972	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:28.0626 1972	NdisTapi - ok
16:53:28.0666 1972	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:28.0702 1972	Ndisuio - ok
16:53:28.0735 1972	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:28.0773 1972	NdisWan - ok
16:53:28.0825 1972	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:53:28.0862 1972	NDProxy - ok
16:53:28.0965 1972	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:53:29.0003 1972	NetBIOS - ok
16:53:29.0042 1972	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:53:29.0082 1972	NetBT - ok
16:53:29.0190 1972	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:29.0200 1972	nfrd960 - ok
16:53:29.0238 1972	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:53:29.0279 1972	Npfs - ok
16:53:29.0447 1972	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:53:29.0487 1972	nsiproxy - ok
16:53:29.0579 1972	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:53:29.0616 1972	Ntfs - ok
16:53:29.0835 1972	ntk_PowerDVD12  (eaac965642ef5f818aed508cadf83e4b) E:\PowerDVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
16:53:29.0844 1972	ntk_PowerDVD12 - ok
16:53:29.0931 1972	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:53:29.0969 1972	Null - ok
16:53:30.0009 1972	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:53:30.0021 1972	nvraid - ok
16:53:30.0062 1972	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:53:30.0076 1972	nvstor - ok
16:53:30.0119 1972	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:53:30.0131 1972	nv_agp - ok
16:53:30.0167 1972	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:53:30.0182 1972	ohci1394 - ok
16:53:30.0476 1972	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:53:30.0490 1972	Parport - ok
16:53:30.0524 1972	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:53:30.0534 1972	partmgr - ok
16:53:30.0575 1972	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:53:30.0588 1972	pci - ok
16:53:30.0612 1972	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:53:30.0622 1972	pciide - ok
16:53:30.0659 1972	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:30.0673 1972	pcmcia - ok
16:53:30.0701 1972	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:53:30.0711 1972	pcw - ok
16:53:30.0729 1972	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:53:30.0776 1972	PEAUTH - ok
16:53:30.0872 1972	Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
16:53:30.0881 1972	Point64 - ok
16:53:30.0985 1972	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:31.0023 1972	PptpMiniport - ok
16:53:31.0050 1972	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:53:31.0064 1972	Processor - ok
16:53:31.0179 1972	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:53:31.0217 1972	Psched - ok
16:53:31.0248 1972	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:53:31.0257 1972	PxHlpa64 - ok
16:53:31.0319 1972	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:53:31.0353 1972	ql2300 - ok
16:53:31.0375 1972	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:31.0387 1972	ql40xx - ok
16:53:31.0416 1972	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:53:31.0434 1972	QWAVEdrv - ok
16:53:31.0463 1972	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:31.0501 1972	RasAcd - ok
16:53:31.0613 1972	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:31.0652 1972	RasAgileVpn - ok
16:53:31.0787 1972	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:31.0825 1972	Rasl2tp - ok
16:53:31.0859 1972	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:31.0900 1972	RasPppoe - ok
16:53:31.0912 1972	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:31.0952 1972	RasSstp - ok
16:53:31.0996 1972	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:32.0037 1972	rdbss - ok
16:53:32.0065 1972	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:32.0081 1972	rdpbus - ok
16:53:32.0106 1972	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:32.0144 1972	RDPCDD - ok
16:53:32.0228 1972	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:53:32.0266 1972	RDPENCDD - ok
16:53:32.0291 1972	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:53:32.0331 1972	RDPREFMP - ok
16:53:32.0367 1972	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:53:32.0407 1972	RDPWD - ok
16:53:32.0504 1972	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:53:32.0517 1972	rdyboost - ok
16:53:32.0590 1972	regi            (84c83c7577407c4ff6ab1379ee944610) C:\Windows\system32\drivers\regi.sys
16:53:32.0600 1972	regi - ok
16:53:32.0727 1972	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:32.0767 1972	rspndr - ok
16:53:32.0866 1972	RSUSBSTOR       (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
16:53:32.0886 1972	RSUSBSTOR - ok
16:53:32.0923 1972	RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
16:53:32.0934 1972	RTHDMIAzAudService - ok
16:53:33.0011 1972	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:53:33.0023 1972	sbp2port - ok
16:53:33.0099 1972	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:53:33.0137 1972	scfilter - ok
16:53:33.0200 1972	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:53:33.0241 1972	secdrv - ok
16:53:33.0304 1972	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:53:33.0316 1972	Serenum - ok
16:53:33.0352 1972	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:53:33.0366 1972	Serial - ok
16:53:33.0456 1972	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:53:33.0469 1972	sermouse - ok
16:53:33.0518 1972	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:53:33.0531 1972	sffdisk - ok
16:53:33.0552 1972	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:33.0566 1972	sffp_mmc - ok
16:53:33.0611 1972	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:53:33.0626 1972	sffp_sd - ok
16:53:33.0651 1972	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:33.0665 1972	sfloppy - ok
16:53:33.0792 1972	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
16:53:33.0813 1972	Sftfs - ok
16:53:33.0865 1972	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:53:33.0877 1972	Sftplay - ok
16:53:33.0906 1972	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:53:33.0914 1972	Sftredir - ok
16:53:34.0018 1972	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
16:53:34.0026 1972	Sftvol - ok
16:53:34.0141 1972	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:34.0152 1972	SiSRaid2 - ok
16:53:34.0194 1972	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:34.0206 1972	SiSRaid4 - ok
16:53:34.0256 1972	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:53:34.0307 1972	Smb - ok
16:53:34.0411 1972	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:53:34.0421 1972	spldr - ok
16:53:34.0496 1972	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:53:34.0497 1972	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:53:34.0519 1972	sptd ( LockedFile.Multi.Generic ) - warning
16:53:34.0519 1972	sptd - detected LockedFile.Multi.Generic (1)
16:53:34.0565 1972	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:53:34.0597 1972	srv - ok
16:53:34.0672 1972	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:53:34.0692 1972	srv2 - ok
16:53:34.0732 1972	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:34.0748 1972	srvnet - ok
16:53:34.0895 1972	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:53:34.0905 1972	stexstor - ok
16:53:34.0953 1972	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:53:34.0963 1972	swenum - ok
16:53:35.0152 1972	SynTP           (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
16:53:35.0166 1972	SynTP - ok
16:53:35.0253 1972	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:53:35.0298 1972	Tcpip - ok
16:53:35.0375 1972	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:35.0417 1972	TCPIP6 - ok
16:53:35.0498 1972	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:53:35.0536 1972	tcpipreg - ok
16:53:35.0592 1972	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:53:35.0629 1972	TDPIPE - ok
16:53:35.0648 1972	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:53:35.0687 1972	TDTCP - ok
16:53:35.0750 1972	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:53:35.0791 1972	tdx - ok
16:53:35.0826 1972	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:53:35.0836 1972	TermDD - ok
16:53:35.0949 1972	truecrypt       (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
16:53:35.0962 1972	truecrypt - ok
16:53:36.0007 1972	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:36.0044 1972	tssecsrv - ok
16:53:36.0076 1972	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:53:36.0089 1972	TsUsbFlt - ok
16:53:36.0190 1972	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:36.0228 1972	tunnel - ok
16:53:36.0263 1972	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:53:36.0273 1972	uagp35 - ok
16:53:36.0322 1972	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:53:36.0361 1972	udfs - ok
16:53:36.0457 1972	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:53:36.0467 1972	uliagpkx - ok
16:53:36.0508 1972	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:53:36.0521 1972	umbus - ok
16:53:36.0560 1972	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:53:36.0573 1972	UmPass - ok
16:53:36.0610 1972	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:36.0624 1972	usbccgp - ok
16:53:36.0689 1972	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:53:36.0706 1972	usbcir - ok
16:53:36.0741 1972	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:36.0754 1972	usbehci - ok
16:53:36.0864 1972	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:36.0881 1972	usbhub - ok
16:53:36.0927 1972	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:53:36.0940 1972	usbohci - ok
16:53:37.0039 1972	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:37.0055 1972	usbprint - ok
16:53:37.0091 1972	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:53:37.0104 1972	USBSTOR - ok
16:53:37.0123 1972	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:53:37.0136 1972	usbuhci - ok
16:53:37.0231 1972	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:53:37.0249 1972	usbvideo - ok
16:53:37.0300 1972	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:53:37.0316 1972	usb_rndisx - ok
16:53:37.0441 1972	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:53:37.0452 1972	vdrvroot - ok
16:53:37.0528 1972	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:37.0545 1972	vga - ok
16:53:37.0565 1972	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:53:37.0607 1972	VgaSave - ok
16:53:37.0663 1972	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:53:37.0677 1972	vhdmp - ok
16:53:37.0707 1972	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:53:37.0717 1972	viaide - ok
16:53:37.0785 1972	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:53:37.0796 1972	volmgr - ok
16:53:37.0859 1972	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:53:37.0875 1972	volmgrx - ok
16:53:37.0966 1972	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:53:37.0980 1972	volsnap - ok
16:53:38.0026 1972	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:53:38.0038 1972	vsmraid - ok
16:53:38.0059 1972	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:53:38.0075 1972	vwifibus - ok
16:53:38.0156 1972	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:53:38.0174 1972	vwififlt - ok
16:53:38.0269 1972	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:53:38.0286 1972	vwifimp - ok
16:53:38.0328 1972	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:53:38.0341 1972	WacomPen - ok
16:53:38.0435 1972	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:38.0472 1972	WANARP - ok
16:53:38.0491 1972	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:38.0529 1972	Wanarpv6 - ok
16:53:38.0601 1972	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:53:38.0612 1972	Wd - ok
16:53:38.0645 1972	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:53:38.0668 1972	Wdf01000 - ok
16:53:38.0796 1972	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:53:38.0836 1972	WfpLwf - ok
16:53:38.0858 1972	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:53:38.0868 1972	WIMMount - ok
16:53:39.0013 1972	WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
16:53:39.0030 1972	WinUSB - ok
16:53:39.0087 1972	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:53:39.0102 1972	WmiAcpi - ok
16:53:39.0160 1972	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:53:39.0200 1972	ws2ifsl - ok
16:53:39.0297 1972	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:53:39.0335 1972	WudfPf - ok
16:53:39.0386 1972	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:39.0429 1972	WUDFRd - ok
16:53:39.0615 1972	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) E:\PowerDVD 12\PowerDVD12\Common\NavFilter\000.fcl
16:53:39.0626 1972	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
16:53:39.0688 1972	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:53:39.0912 1972	\Device\Harddisk0\DR0 - ok
16:53:39.0919 1972	Boot (0x1200)   (4e3aef28cafcf33c4d429cfcec665d08) \Device\Harddisk0\DR0\Partition0
16:53:39.0920 1972	\Device\Harddisk0\DR0\Partition0 - ok
16:53:39.0936 1972	Boot (0x1200)   (f25242f33a915291ecdacca4a033b879) \Device\Harddisk0\DR0\Partition1
16:53:39.0939 1972	\Device\Harddisk0\DR0\Partition1 - ok
16:53:39.0980 1972	Boot (0x1200)   (d09cd79c54ec9eab0ae37d102cd56401) \Device\Harddisk0\DR0\Partition2
16:53:39.0982 1972	\Device\Harddisk0\DR0\Partition2 - ok
16:53:40.0000 1972	Boot (0x1200)   (f11e41c889f093fad6929d60c432bb0d) \Device\Harddisk0\DR0\Partition3
16:53:40.0002 1972	\Device\Harddisk0\DR0\Partition3 - ok
16:53:40.0021 1972	Boot (0x1200)   (9d4d2898fbe398f697f4e6bc6e83608a) \Device\Harddisk0\DR0\Partition4
16:53:40.0023 1972	\Device\Harddisk0\DR0\Partition4 - ok
16:53:40.0042 1972	Boot (0x1200)   (0d82256b5134d65ab8b52e3271cb2972) \Device\Harddisk0\DR0\Partition5
16:53:40.0044 1972	\Device\Harddisk0\DR0\Partition5 - ok
16:53:40.0044 1972	============================================================
16:53:40.0044 1972	Scan finished
16:53:40.0045 1972	============================================================
16:53:40.0063 4900	Detected object count: 1
16:53:40.0063 4900	Actual detected object count: 1
16:53:42.0802 4900	sptd ( LockedFile.Multi.Generic ) - skipped by user
16:53:42.0802 4900	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         
Seit kurzem steht im übrigen meine RAM-Auslastung durchgehend bei 95% ?!...sehr seltsam !

Geändert von ch0ka (12.02.2012 um 17:40 Uhr)

Alt 12.02.2012, 18:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 20:18   #11
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



War nach dem ComboFix schon ganz verzweifelt, als die von dir genannte Fehlermeldung erschien

Aber hier nun der Log (welcher sich übrigens nicht unter "C:\ComboFix.txt" sondern unter "C:\ComboFix/ComboFix.txt" befand

Code:
ATTFilter
ComboFix 12-02-12.01 - Dennis 12.02.2012  19:14:51.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2616 [GMT 1:00]
ausgeführt von:: C:\Users\Dennis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml


(((((((((((((((((((((((   Dateien erstellt von 2012-01-12 bis 2012-02-12  ))))))))))))))))))))))))))))))


2012-02-12 18:24:58 . 2012-02-12 18:24:58	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2012-02-12 18:24:58 . 2012-02-12 18:24:58	--------	d-----w-	C:\Users\cHk\AppData\Local\temp
2012-02-12 17:13:14 . 2011-05-20 12:49:22	34624	----a-w-	C:\Windows\system32\TURegOpt.exe
2012-02-12 17:13:06 . 2011-05-20 12:43:32	25920	----a-w-	C:\Windows\system32\authuitu.dll
2012-02-12 17:13:06 . 2011-05-20 12:43:26	36160	----a-w-	C:\Windows\system32\uxtuneup.dll
2012-02-12 17:13:06 . 2011-05-20 12:43:18	29504	----a-w-	C:\Windows\SysWow64\uxtuneup.dll
2012-02-12 17:13:02 . 2011-05-20 12:43:30	21312	----a-w-	C:\Windows\SysWow64\authuitu.dll
2012-02-12 15:47:29 . 2012-02-12 15:47:29	--------	d-----w-	C:\Users\Dennis\AppData\Roaming\ArcSoft
2012-02-12 15:46:57 . 2012-02-12 15:46:58	--------	d-----w-	C:\Users\Dennis\AppData\Local\ArcSoft
2012-02-12 15:46:56 . 2012-02-12 15:46:58	--------	d-----w-	C:\ProgramData\ArcSoft
2012-02-12 15:46:56 . 2012-02-12 15:46:56	--------	d-----w-	C:\Program Files (x86)\Common Files\ArcSoft
2012-02-12 15:46:52 . 2011-11-10 10:14:14	311872	----a-w-	C:\Windows\system32\drivers\ArcSec.sys
2012-02-12 15:46:52 . 2010-12-30 16:29:20	80448	----a-w-	C:\Windows\system32\MMCEDT5.exe
2012-02-12 15:44:20 . 2012-02-12 15:44:20	--------	d-----w-	C:\Users\Dennis\AppData\Local\Downloaded Installations
2012-02-12 15:22:11 . 2012-02-12 15:22:11	--------	d-----w-	C:\Users\Dennis\AppData\Local\AMD
2012-02-12 15:21:28 . 2012-02-12 15:21:28	--------	d-----w-	C:\ProgramData\ATI
2012-02-12 15:13:42 . 2012-02-12 15:13:42	--------	d-----w-	C:\Program Files (x86)\AMD APP
2012-02-12 15:12:35 . 2012-02-12 15:12:35	--------	d-----w-	C:\ProgramData\AMD
2012-02-12 15:12:33 . 2010-02-18 08:18:24	46136	----a-w-	C:\Windows\system32\drivers\amdiox64.sys
2012-02-12 09:40:45 . 2012-02-12 09:40:45	--------	d-----w-	C:\Windows\system32\%LOCALAPPDATA%
2012-02-10 11:19:13 . 2012-02-10 11:19:13	--------	d-----w-	C:\Program Files (x86)\ESET
2012-02-10 08:20:00 . 2012-01-06 05:15:20	8602168	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73B97690-9A8A-484B-9F5A-D364843EC570}\mpengine.dll
2012-02-09 12:43:16 . 2012-02-09 12:43:16	--------	d-----w-	C:\Windows\system32\SPReview
2012-02-09 12:41:57 . 2012-02-09 12:41:58	--------	d-----w-	C:\Windows\system32\EventProviders
2012-02-09 11:55:02 . 2012-02-09 11:55:02	--------	d-----w-	C:\Users\cHk\AppData\Local\LogMeIn
2012-02-08 15:37:38 . 2012-02-08 15:39:35	--------	d-----w-	C:\ProgramData\Protexis
2012-02-08 15:35:29 . 2010-11-16 15:24:16	15672	----a-w-	C:\Windows\system32\drivers\regi.sys
2012-02-07 14:32:20 . 2012-02-07 14:32:20	--------	d-----w-	C:\Users\Dennis\AppData\Local\MediaShow
2012-02-07 14:27:02 . 2012-02-07 14:27:02	--------	d-----w-	C:\Users\Dennis\AppData\Local\MediaServer
2012-02-07 14:26:59 . 2012-02-08 15:05:39	--------	d-----w-	C:\ProgramData\PDVD
2012-02-07 14:26:44 . 2012-02-12 16:25:31	--------	d-----w-	C:\Users\Public\CyberLink
2012-02-07 14:26:44 . 2012-02-12 16:25:31	--------	d-----w-	C:\Users\Dennis\AppData\Local\CyberLink
2012-02-07 14:13:13 . 2012-02-12 16:26:53	--------	d-----w-	C:\ProgramData\CyberLink
2012-02-07 14:13:12 . 2012-02-07 14:31:56	--------	d-----w-	C:\Users\Dennis\AppData\Roaming\CyberLink
2012-02-07 14:07:03 . 2012-02-07 14:23:05	--------	d-----w-	C:\ProgramData\install_clap
2012-01-30 17:33:15 . 2012-01-30 17:33:15	5185536	----a-r-	C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2012-01-30 17:33:15 . 2012-01-30 17:33:15	28672	----a-r-	C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2012-01-29 18:25:25 . 2012-01-29 18:25:25	--------	d-----w-	C:\Users\Dennis\AppData\Roaming\Avira
2012-01-29 10:24:18 . 2012-01-29 10:24:18	--------	d-----w-	C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
2012-01-26 12:19:15 . 2012-01-26 12:20:22	--------	d-----w-	C:\Users\Dennis\AppData\Local\FullTiltPoker
2012-01-19 22:47:32 . 2012-01-19 23:10:34	--------	d-----w-	C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
2012-01-19 18:14:13 . 2012-01-19 18:15:13	--------	d-----w-	C:\med7net
2012-01-19 18:13:51 . 2004-12-13 20:16:44	53248	----a-w-	C:\Windows\SysWow64\foxtools.fll
2012-01-16 14:30:36 . 2012-01-16 14:30:36	--------	d-----w-	C:\ProgramData\PassMark
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-09 12:59:29 . 2009-07-14 02:36:51	175616	----a-w-	C:\Windows\system32\msclmd.dll
2012-02-09 12:59:29 . 2009-07-14 02:36:51	152576	----a-w-	C:\Windows\SysWow64\msclmd.dll
2012-01-26 23:52:58 . 2011-02-24 15:18:26	279656	------w-	C:\Windows\system32\MpSigStub.exe
2012-01-15 15:26:47 . 2011-01-03 00:34:46	280736	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-15 15:26:47 . 2011-01-03 00:10:37	280736	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2012-01-15 15:25:33 . 2011-01-03 00:10:37	215128	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-10 14:24:08 . 2011-08-22 21:18:46	23152	----a-w-	C:\Windows\system32\drivers\mbam.sys
2011-12-06 03:45:40 . 2011-12-06 03:45:40	10720256	----a-w-	C:\Windows\system32\drivers\atikmdag.sys
2011-12-06 03:18:38 . 2011-12-06 03:18:38	25371136	----a-w-	C:\Windows\system32\atio6axx.dll
2011-12-06 03:17:50 . 2011-12-06 03:17:50	159744	----a-w-	C:\Windows\system32\atiapfxx.exe
2011-12-06 03:17:36 . 2011-12-06 03:17:36	778752	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 . 2011-12-06 03:16:00	933888	----a-w-	C:\Windows\system32\aticfx64.dll
2011-12-06 03:12:52 . 2011-12-06 03:12:52	466944	----a-w-	C:\Windows\system32\ATIDEMGX.dll
2011-12-06 03:12:36 . 2011-12-06 03:12:36	494080	----a-w-	C:\Windows\system32\atieclxx.exe
2011-12-06 03:11:56 . 2011-12-06 03:11:56	235520	----a-w-	C:\Windows\system32\atiesrxx.exe
2011-12-06 03:10:38 . 2011-12-06 03:10:38	120320	----a-w-	C:\Windows\system32\atitmm64.dll
2011-12-06 03:10:20 . 2011-12-06 03:10:20	423424	----a-w-	C:\Windows\system32\atipdl64.dll
2011-12-06 03:10:12 . 2011-12-06 03:10:12	360448	----a-w-	C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 . 2011-12-06 03:10:00	278528	----a-w-	C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 . 2011-12-06 03:09:56	21504	----a-w-	C:\Windows\system32\atimuixx.dll
2011-12-06 03:09:50 . 2011-12-06 03:09:50	59392	----a-w-	C:\Windows\system32\atiedu64.dll
2011-12-06 03:09:44 . 2011-12-06 03:09:44	43520	----a-w-	C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 . 2011-12-06 03:06:38	6159872	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 . 2011-12-06 02:56:40	19125760	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 . 2011-12-06 02:51:22	7520768	----a-w-	C:\Windows\system32\atidxx64.dll
2011-12-06 02:39:58 . 2011-12-06 02:39:58	1113088	----a-w-	C:\Windows\system32\atiumd6v.dll
2011-12-06 02:39:24 . 2011-12-06 02:39:24	1828864	----a-w-	C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 . 2011-12-06 02:39:12	4072960	----a-w-	C:\Windows\system32\atiumd6a.dll
2011-12-06 02:34:28 . 2011-12-06 02:34:28	51200	----a-w-	C:\Windows\system32\aticalrt64.dll
2011-12-06 02:34:24 . 2011-12-06 02:34:24	46080	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 . 2011-12-06 02:34:16	44544	----a-w-	C:\Windows\system32\aticalcl64.dll
2011-12-06 02:34:14 . 2011-12-06 02:34:14	44032	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 . 2011-12-06 02:34:00	13738496	----a-w-	C:\Windows\system32\aticaldd64.dll
2011-12-06 02:33:36 . 2011-12-06 02:33:36	5919232	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 . 2011-12-06 02:29:30	11484672	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 . 2011-12-06 02:28:50	4206592	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 . 2011-12-06 02:24:02	7511040	----a-w-	C:\Windows\system32\atiumd64.dll
2011-12-06 02:18:46 . 2011-12-06 02:18:46	58880	----a-w-	C:\Windows\system32\coinst.dll
2011-12-06 02:13:02 . 2010-09-16 10:55:56	509952	----a-w-	C:\Windows\system32\atiadlxx.dll
2011-12-06 02:12:52 . 2011-12-06 02:12:52	356352	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 . 2011-12-06 02:12:38	17408	----a-w-	C:\Windows\system32\atig6pxx.dll
2011-12-06 02:12:34 . 2011-12-06 02:12:34	14336	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 . 2011-12-06 02:12:34	14336	----a-w-	C:\Windows\system32\atiglpxx.dll
2011-12-06 02:12:30 . 2011-12-06 02:12:30	39936	----a-w-	C:\Windows\system32\atig6txx.dll
2011-12-06 02:12:22 . 2011-12-06 02:12:22	33280	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 . 2011-12-06 02:12:14	327168	----a-w-	C:\Windows\system32\drivers\atikmpag.sys
2011-12-06 02:11:24 . 2010-11-26 02:16:04	42496	----a-w-	C:\Windows\system32\atiuxp64.dll
2011-12-06 02:11:16 . 2011-12-06 02:11:16	33280	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 . 2011-12-06 02:11:10	39936	----a-w-	C:\Windows\system32\atiu9p64.dll
2011-12-06 02:11:02 . 2011-12-06 02:11:02	29696	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 . 2011-12-06 02:10:48	54784	----a-w-	C:\Windows\system32\atimpc64.dll
2011-12-06 02:10:48 . 2011-12-06 02:10:48	54784	----a-w-	C:\Windows\system32\amdpcom64.dll
2011-12-06 02:10:42 . 2011-12-06 02:10:42	53760	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 . 2011-12-06 02:10:42	53760	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 . 2011-12-06 02:10:24	53248	----a-w-	C:\Windows\system32\drivers\ati2erec.dll
2011-12-05 21:04:06 . 2011-12-05 21:04:06	69632	----a-w-	C:\Windows\system32\OpenVideo64.dll
2011-12-05 21:04:00 . 2011-12-05 21:04:00	59904	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2011-12-05 21:03:54 . 2011-12-05 21:03:54	61952	----a-w-	C:\Windows\system32\OVDecode64.dll
2011-12-05 21:03:52 . 2011-12-05 21:03:52	54784	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2011-12-05 21:03:42 . 2011-12-05 21:03:42	17580544	----a-w-	C:\Windows\system32\amdocl64.dll
2011-12-05 21:03:04 . 2011-12-05 21:03:04	14499328	----a-w-	C:\Windows\SysWow64\amdocl.dll
2011-12-05 21:02:20 . 2011-12-05 21:02:20	51200	----a-w-	C:\Windows\system32\OpenCL.dll
2011-12-05 21:02:16 . 2011-12-05 21:02:16	44032	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2011-12-05 19:47:30 . 2011-12-05 19:47:30	95248	----a-w-	C:\Windows\system32\drivers\AtihdW76.sys
2011-11-24 04:52:09 . 2011-12-14 13:48:44	3145216	----a-w-	C:\Windows\system32\win32k.sys
2011-11-19 14:58:00 . 2012-01-11 13:51:23	77312	----a-w-	C:\Windows\system32\packager.dll
2011-11-19 14:01:00 . 2012-01-11 13:51:23	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2011-11-17 06:41:18 . 2012-01-11 13:51:24	1731920	----a-w-	C:\Windows\system32\ntdll.dll
2011-11-17 05:38:39 . 2012-01-11 13:51:24	1292080	----a-w-	C:\Windows\SysWow64\ntdll.dll
2011-11-15 16:58:56 . 2011-11-15 16:58:56	146432	----a-w-	C:\Windows\system32\SlotMaximizerAg.dll
2011-11-15 16:58:54 . 2011-11-15 16:58:54	3507712	----a-w-	C:\Windows\system32\SlotMaximizerBe.dll
2011-11-15 16:57:06 . 2011-11-15 16:57:06	2463744	----a-w-	C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-11-15 16:57:02 . 2011-11-15 16:57:02	122880	----a-w-	C:\Windows\SysWow64\SlotMaximizerAg.dll
2006-05-03 09:06:54	163328	--sha-r-	C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16	31232	--sha-r-	C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52	216064	--sha-r-	C:\Windows\SysWOW64\nbDX.dll
         

Alt 12.02.2012, 20:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Log ist leider unvollständig
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.02.2012, 20:53   #13
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Mehr ist in der Datei leider nicht zu finden...
Soll ich ComboFix noch einmal neu durchlaufen lassen, oder hätte dies negative Auswirkungen ?

Alt 13.02.2012, 10:13   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.02.2012, 17:54   #15
ch0ka
 
Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Standard

Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"



Erfolgreich hochgeladen

Antwort

Themen zu Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"
andere, anderen, anhang, befinden, bekannte, benutzte, dienst, erneut, erstell, erstellt, hijack, hijackthis, konto, minute, minuten, mitglieder, nicht sicher, personen, problem, ratlos, schei, sicherer, starte, systems, systemstart, troja, unsicherer




Ähnliche Themen: Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"


  1. Nach Photo Transfer mit "MPE" nach"D", auf "C" ca. 5GB verloren? Rest: 5,6GB auf "C"!
    Alles rund um Windows - 17.04.2016 (21)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. "Fehler: Server nicht gefunden" immer noch nach "WAJAM.A.1"-Befall
    Plagegeister aller Art und deren Bekämpfung - 05.11.2014 (15)
  4. Win7 nach AntiVir Funden "TR/Crypt.zpack.Gen7" und "Adspy.Gen2" stark verlangsamt
    Log-Analyse und Auswertung - 13.04.2014 (28)
  5. "Server ist ausgelastet" - "Dieser Vorgang kann nicht ausgeführt werden,da die andere Anwendung aktiv ist.
    Log-Analyse und Auswertung - 29.11.2013 (23)
  6. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  7. "Server ist ausgelastet" - "Dieser Vorgang kann nicht ausgeführt werden,da die andere Anwendung aktiv ist.
    Diskussionsforum - 30.07.2013 (7)
  8. Dateityp von "Anwendung" in "4g" geändert
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (2)
  9. Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus"
    Log-Analyse und Auswertung - 27.10.2012 (10)
  10. "BKA-Trojaner": Nach AntiVir-Rescue-Anwendung Rechner immer noch gesperrt
    Plagegeister aller Art und deren Bekämpfung - 15.05.2012 (25)
  11. Vermehrtes Virenvrkommen nach "50€-Virus" unteranderem "TR/injetor569344.5"
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (1)
  12. Bundespolizei Trojaner mit option "früheren Zustand wiederherstellen" wirklich alles weg?
    Log-Analyse und Auswertung - 24.12.2011 (2)
  13. hohe load durch prozess "system" und "explorer.exe" verbindet alleine nach russland
    Plagegeister aller Art und deren Bekämpfung - 08.12.2010 (10)
  14. Mac OS X: "geringeres Risiko, aber letztlich unsicherer"
    Nachrichten - 18.03.2010 (0)
  15. Nach Virus keine "ausführen"befehl im startmenü und keine "ordneroptionen"!
    Plagegeister aller Art und deren Bekämpfung - 27.08.2009 (2)
  16. Nach Neuinstallation: "Resycled\boot.com ist keine zulässige Win32-Anwendung"
    Log-Analyse und Auswertung - 21.12.2008 (1)
  17. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)

Zum Thema Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" - Hallo liebe Mitglieder des Trojaner-Boards! Wie vielen Personen in jüngster Vergangenheit erging es vor ein paar Minuten auch mir so, dass mich der bekannte "50€-Virus" befiel und nach dem Systemstart - Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"...
Archiv
Du betrachtest: Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.