100€ Virus (mor.exe)

Pegasuz · 30.03.2012, 01:19

Hallo,

habe mir die bereits öfter erwähnte mor.exe eingefangen, welche sich nur durch rechnerneustart schließen lies. Die datei selber im temp ordner ließ sich problemlos löschen, bin aber eben nicht sicher ob wirklich schon alles entfernt ist.

Danke für eure Hilfe

cosinus · 30.03.2012, 17:38

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Pegasuz · 02.04.2012, 02:08

Hallo,
und danke für die Antowort

Hier die beiden Logs:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Pegasuz :: PEGASUZ2 [Administrator]

Schutz: Aktiviert

01.04.2012 23:01:39
mbam-log-2012-04-01 (23-01-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350022
Laufzeit: 1 Stunde(n), 28 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6f2403a0271b4a46a9c3643e6ad7c946
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-02 12:57:31
# local_time=2012-04-02 02:57:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9095413 9095413 0 0
# compatibility_mode=5893 16776574 100 85 3254193 84951666 0 0
# compatibility_mode=8192 67108863 100 0 887 887 0 0
# compatibility_mode=9217 16777214 75 66 38714257 55594105 0 0
# scanned=171314
# found=22
# cleaned=0
# scan_time=7776
C:\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cl264dec.ax	probably a variant of Win32/Hupigon.DCPCEC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cldabc.dll	probably a variant of Win32/Hupigon.EFSSZFA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cldorz.dll	probably a variant of Win32/Hupigon.KQQLKZT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Toolz\CRC-Killer.exe	Win32/Packed.Autoit.C.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b39be8b-267b01df	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d76550c-4881728a	Java/Agent.EI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\78e2444c-59ce3de8	Java/Exploit.CVE-2011-3544.L trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30c08a91-77cb5d99	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67c69e11-7adf2233	a variant of Java/Exploit.CVE-2012-0507.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\165f57c2-108daa08	probably a variant of Java/Exploit.CVE-2012-0507.C trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\728a1d82-4717ad02	a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\193cd055-660da22e	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1c7ed395-4141cfcb	a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-1e4bd70b	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\78c10d1b-48081999	a variant of Java/Exploit.CVE-2011-3544.AA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7679fe61-16288d62	a variant of Java/Exploit.CVE-2012-0507.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7135ddab-5f99353e	Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6dfaef34-1d014d7b	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\280b3877-105c4176	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\66f3c038-6ed573db	a variant of Win32/Kryptik.WLG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7517c83a-458a24d5	a variant of Java/TrojanDownloader.OpenConnection.AQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7b781448-3747c428	Java/Exploit.CVE-2011-3544.BB trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 02.04.2012, 11:31

Zitat:

C:\Toolz\CRC-Killer.exe

Was soll denn das sein?

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Pegasuz · 04.04.2012, 20:28

Crc-Killer ist ein kleines Tool um Archive auch entpacken zu können wenn diese CRC Fehler haben, also zum beispiel beim download was schiefgegangen ist.

siehe auch hxxp://www.perfectsoft.tk/Programme.php?n=CRC-Killer

Bei Malwarebytes gibt es nur neuere Logs die scheinbar automatisch erstellt werden:

Code:

ATTFilter

 2012/04/01 22:59:57 +0200	PEGASUZ2	Pegasuz	MESSAGE	Executing scheduled update:  Daily
2012/04/01 22:59:57 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting protection
2012/04/01 23:00:00 +0200	PEGASUZ2	Pegasuz	MESSAGE	Protection started successfully
2012/04/01 23:00:03 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting IP protection
2012/04/01 23:00:07 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection started successfully
2012/04/01 23:00:13 +0200	PEGASUZ2	Pegasuz	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.03.31.02 to version v2012.04.01.04
2012/04/01 23:00:13 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting database refresh
2012/04/01 23:00:13 +0200	PEGASUZ2	Pegasuz	MESSAGE	Stopping IP protection
2012/04/01 23:02:56 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection stopped
2012/04/01 23:02:58 +0200	PEGASUZ2	Pegasuz	MESSAGE	Database refreshed successfully
2012/04/01 23:02:58 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting IP protection
2012/04/01 23:03:00 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection started successfully

Code:

ATTFilter

 2012/04/02 00:45:04 +0200	PEGASUZ2	Pegasuz	MESSAGE	Stopping IP protection
2012/04/02 00:47:55 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection stopped
2012/04/02 02:18:35 +0200	PEGASUZ2	Pegasuz	MESSAGE	Executing scheduled update:  Daily
2012/04/02 02:18:47 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting database refresh
2012/04/02 02:18:47 +0200	PEGASUZ2	Pegasuz	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.01.04 to version v2012.04.01.05
2012/04/02 02:19:10 +0200	PEGASUZ2	Pegasuz	MESSAGE	Database refreshed successfully
2012/04/02 23:45:11 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting protection
2012/04/02 23:45:14 +0200	PEGASUZ2	Pegasuz	MESSAGE	Protection started successfully
2012/04/02 23:45:17 +0200	PEGASUZ2	Pegasuz	MESSAGE	Starting IP protection
2012/04/02 23:45:19 +0200	PEGASUZ2	Pegasuz	MESSAGE	IP Protection started successfully

usw.

MfG

cosinus · 04.04.2012, 22:48

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Pegasuz · 04.04.2012, 22:54

hi,

1. Ja Windows läßt sich normal starten

2. Im Startmenü ist auch alles ok

3. Was mir aufgefallen ist, der "AppData" Ordner unter meinem Benutzernamen war versteckt, ließ sich aber durch ändern der Ordneroptionen wieder sichtbar machen. (habe normaleweise nie ordner versteckt/unsichtbar)

MfG

cosinus · 04.04.2012, 23:33

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Pegasuz · 05.04.2012, 00:02

Hier das Logfile:

Code:

ATTFilter

OTL logfile created on: 05.04.2012 00:46:38 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = D:\New Folder\Incoming
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,92% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 24,89 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 113,58 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
 
Computer Name: PEGASUZ2 | User Name: Pegasuz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\New Folder\Incoming\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Secure Banking\v1.4\sbservice.exe ()
PRC - C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\DTProTS\DTProTS.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Secure Banking\v1.4\SecureBanking.dll ()
MOD - C:\Programme\Secure Banking\v1.4\funcs.dll ()
MOD - C:\Programme\Secure Banking\v1.4\sbservice.exe ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SamsungAllShareV2.0) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (DTProTS) -- C:\Programme\DTProTS\DTProTS.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- system32\drivers\RTKVHDA.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
DRV - (apv6mmuc) --  File not found
DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\DRIVERS\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.SYS ()
DRV - (ssmdrv) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\DRIVERS\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (sscemdm) -- C:\Windows\System32\DRIVERS\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\DRIVERS\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\DRIVERS\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\DRIVERS\sscemdfl.sys (MCCI Corporation)
DRV - (ss_bmdm) -- C:\Windows\System32\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\DRIVERS\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation)
DRV - (hidshim) -- C:\Windows\System32\DRIVERS\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\DRIVERS\netw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (XAudio) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (AVMUNET) -- C:\Windows\System32\DRIVERS\avmunet.sys (AVM GmbH)
DRV - (AFPAnsi) -- C:\Windows\System32\Drivers\AFPAnsi.sys (Alfa Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.12startseite.de/index.php"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pegasuz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.02.24 09:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions
[2010.05.30 14:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.13 18:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.04.04 22:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions
[2012.04.04 22:51:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.22 08:51:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\support@lastpass.com
[2012.04.04 22:51:44 | 000,002,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\searchplugins\wot-safe-search.xml
[2012.02.24 09:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
() (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.19 23:06:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2000.01.01 01:00:00 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com 
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000..\Run: [SecureBanking] C:\Programme\Secure Banking\v1.4\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MICROS~4\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C5F150D-4CA5-4E28-A2A7-3BC269E2EFAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A96DDCA-6073-439C-BDCE-DC4BF86E933D}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell\AutoRun\command - "" = J:\preinst.exe
O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell\AutoRun\command - "" = I:\preinst.exe
O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP95.EXE
O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.713674863367620167f76.exe.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= -  File not found
MsConfig - StartUpReg: AllShareAgent - hkey= - key= - C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VSPX - C:\Windows\System32\vspxvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.05 00:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.04 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.04 22:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2012.04.04 22:24:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Pegasuz\Desktop\aswMBR.exe
[2012.04.04 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Banking
[2012.04.02 00:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.31 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Pegasuz\AppData\Roaming\Malwarebytes
[2012.03.31 06:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 06:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 06:30:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.31 06:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.23 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions
[2012.03.23 19:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.03.12 14:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowBladeTN3ENG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 23:09:24 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 23:09:24 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 22:59:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.04 22:55:05 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.04 22:55:05 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.04 22:55:05 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.04 22:55:05 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.04 22:51:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 22:36:30 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
[2012.04.04 22:23:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Pegasuz\Desktop\aswMBR.exe
[2012.03.23 18:38:59 | 000,378,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.04 22:51:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 22:36:30 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
[2011.09.12 16:10:00 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2011.09.12 16:09:59 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.09.12 16:09:59 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.06.07 16:52:29 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.20 19:31:20 | 000,000,502 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.09.19 18:04:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.07.11 17:32:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.11 17:32:52 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.25 01:00:30 | 000,007,601 | ---- | C] () -- C:\Users\Pegasuz\AppData\Local\Resmon.ResmonCfg
[2010.05.21 21:34:06 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.05.16 14:23:44 | 000,019,456 | ---- | C] () -- C:\Users\Pegasuz\AppData\Local\WebpageIcons.db
[2010.05.07 15:37:21 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
 
========== LOP Check ==========
 
[2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.#
[2009.12.23 15:14:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Acer GameZone Console
[2011.03.20 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Buhl Data Service
[2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint
[2011.11.29 15:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\DAEMON Tools Pro
[2011.11.14 08:18:09 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVU
[2011.09.26 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient
[2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\LG Electronics
[2012.01.13 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\LolClient
[2012.01.24 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Metaversum
[2011.06.08 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\PopCapv1003
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\PowerCinema
[2012.02.22 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\QuickScan
[2011.07.21 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\RenPy
[2010.05.21 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SAD
[2011.12.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Samsung
[2011.10.14 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecondLife
[2010.05.17 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Senosoft
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SoftDMA
[2010.03.20 18:37:20 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Thunderbird
[2011.04.01 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TS3Client
[2010.05.09 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.02.12 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Unity
[2012.02.07 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\uTorrent
[2012.01.14 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\VenusHostage
[2011.12.24 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Vista Start Menu
[2012.03.23 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,030,112 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.13 10:52:50 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{2547A0A8-7423-4C11-8E25-12E177C73BCC}.job
[2012.04.04 22:36:30 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.#
[2009.12.23 15:14:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Acer GameZone Console
[2011.04.01 17:36:22 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Adobe
[2012.01.02 06:07:18 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Apple Computer
[2010.05.24 22:45:30 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\ATI
[2011.12.18 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Avira
[2011.03.20 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Buhl Data Service
[2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint
[2010.04.04 13:11:30 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CyberLink
[2011.11.29 15:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\DAEMON Tools Pro
[2011.10.19 23:04:48 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\dvdcss
[2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Identities
[2011.11.14 08:18:09 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVU
[2011.09.26 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient
[2011.09.12 16:07:32 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\InstallShield
[2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\LG Electronics
[2012.01.13 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\LolClient
[2009.12.23 15:14:02 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Macromedia
[2012.03.31 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Media Center Programs
[2011.11.29 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Media Player Classic
[2012.01.24 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Metaversum
[2011.08.05 08:28:34 | 000,000,000 | --SD | M] -- C:\Users\Pegasuz\AppData\Roaming\Microsoft
[2012.02.24 09:23:50 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Mozilla
[2011.06.08 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\PopCapv1003
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\PowerCinema
[2012.02.22 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\QuickScan
[2011.07.21 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\RenPy
[2010.05.21 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SAD
[2011.12.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Samsung
[2011.10.14 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecondLife
[2010.04.21 23:51:17 | 000,000,000 | RH-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecuROM
[2010.05.17 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Senosoft
[2012.04.04 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Skype
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SoftDMA
[2010.03.20 18:37:20 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Thunderbird
[2011.04.01 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TS3Client
[2010.05.09 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.02.12 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Unity
[2012.02.07 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\uTorrent
[2012.01.14 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\VenusHostage
[2011.12.24 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Vista Start Menu
[2012.03.12 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\vlc
[2012.03.23 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions
[2009.12.23 15:14:10 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.02.08 00:11:20 | 007,509,008 | ---- | M] (Vivox, Inc.) -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\1VivoxVoice.exe
[2011.08.17 03:13:16 | 000,012,288 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint.exe
[2011.08.17 03:13:16 | 000,158,208 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint_old.exe
[2011.07.27 18:28:54 | 000,009,216 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint_v94.exe
[2011.08.30 23:06:02 | 000,053,504 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUClient.exe
[2011.08.30 23:06:04 | 000,022,784 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
[2011.08.30 23:06:04 | 000,097,200 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUupdater.exe
[2011.07.30 01:55:56 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\plugin-container.exe
[2011.09.26 15:17:50 | 000,077,973 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\Uninstall.exe
[2011.04.28 20:51:30 | 000,049,664 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\w9xpopen.exe
[2011.08.16 23:34:00 | 000,134,144 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\WriteMiniDump.exe
[2011.09.26 15:17:02 | 022,758,128 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe
[2011.06.12 12:16:53 | 000,010,134 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.06.12 12:16:53 | 000,000,766 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2011.08.05 10:03:39 | 000,017,542 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_640ECEF665E5906E76DC9D.exe
[2011.08.05 10:03:39 | 000,017,542 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_96E62DE38A7F692104A23B.exe
[2011.01.31 03:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2009.06.04 13:51:24 | 001,413,256 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe
[2009.06.04 13:51:24 | 001,413,256 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\G\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGSetCDROMAutoRun.exe
[2012.02.21 20:22:05 | 037,411,800 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\AllShare\AllShare_2.1.0.12013_8.exe
[2011.05.24 19:30:10 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.01.30 00:17:04 | 000,075,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\DriverChecker.exe
[2011.05.11 18:41:08 | 000,934,800 | ---- | M] (Samsung) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.05.11 18:41:12 | 000,278,928 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.01.30 00:17:10 | 000,040,312 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesMobileDeviceService.exe
[2011.05.11 18:41:10 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.01.30 00:17:12 | 000,207,696 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\lame.exe
[2011.01.30 00:17:18 | 000,195,416 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\oggenc.exe
[2011.04.27 07:19:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.04.27 07:19:58 | 000,283,136 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.04.27 07:19:58 | 000,659,456 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.01.30 00:17:28 | 000,025,960 | ---- | M] (Teruten Inc) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsExService64.exe
[2011.01.30 00:17:32 | 000,222,568 | ---- | M] (Teruten) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsUsbExService.exe
[2011.01.30 00:17:36 | 000,142,696 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FUSBCommander.exe
[2011.04.27 07:19:58 | 000,107,008 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe
[2011.05.11 18:41:16 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.05.11 18:41:18 | 000,131,984 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.05.11 18:41:20 | 000,019,856 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.05.11 18:41:22 | 004,661,464 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.01.30 00:17:44 | 000,226,648 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV.exe
[2011.01.30 00:17:48 | 000,066,904 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV2.exe
[2011.01.30 00:17:52 | 000,079,192 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\TG_CAM.exe
[2011.05.02 16:31:28 | 020,636,968 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.06.24 08:54:50 | 000,358,800 | ---- | M] (ml) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2011.08.01 05:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2012.03.23 19:43:14 | 003,712,432 | ---- | M] (WindSolutions) -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.02.28 20:19:54 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
[2010.05.15 17:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) Unable to obtain MD5 -- C:\Windows\system32\drivers\vsdatant.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:364682BC

< End of report >

cosinus · 05.04.2012, 10:04

Zitat:

O1 - Hosts: 127.0.0.1 secure.disc-soft.com

Warum sperrst du secure.disc-soft.com auf dienem Rechner?

Zitat:

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!

Pegasuz · 05.04.2012, 16:46

Zitat:

Zitat von cosinus

Warum sperrst du secure.disc-soft.com auf dienem Rechner?

Gute Frage, kann mich nicht erinnern das selbst gesperrt zu haben.

Zitat:

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!

Was macht denn die Firewall so schlecht? Hab sie deinstalliert, allerdings gibt es Probleme mit der Windows Firewall.

cosinus · 05.04.2012, 18:11

Sowas wie ZA ist völlig unnötiger Ballast und hat nichts mit Sicherheit zu tun, du kannst das System besser mit der Windows-Firewall einrichten. Ok, man müsste sie bei dir wieder zum Laufen kriegen. Wenn du aber nur hinter einem (DSL-)Router bist bräuchtest du im Grunde nichtmal die Windows-Firewall.

Lies auch mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?

Pegasuz · 05.04.2012, 19:57

ok, firewall läuft wieder. Der entsprechende Dienst war noch deaktiviert

Hab mir grad auch deine links durchgelesen, danke für die Informationen. Ich geh eigentlich immer über einen DSL-Router online und bin mit der Windows eigenen Firewall dann wohl gut versorgt.

Was hälst du von Avira als Virenscanner? Taugt das Programm etwas oder kannst du mir da eventuell noch nen Tipp geben?
Malwarebytes werde ich gleich installiert lassen, kann ja nich schaden.

Um zum Thema zurückzukommen, kann ich meinen Rechner wieder als sauber betrachten?

Danke für die Zeit die du dir nimmst und Frohe Ostern!

Hab Avira nochmal durchlaufen lassen

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 5. April 2012  01:14

Es wird nach 3584129 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Pegasuz
Computername   : PEGASUZ2

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  16.02.2012 05:29:28
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  16.02.2012 05:29:27
LUKE.DLL       : 12.1.0.19      68304 Bytes  16.02.2012 05:29:28
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  16.02.2012 05:29:28
AVREG.DLL      : 12.1.0.33     228104 Bytes  04.04.2012 21:13:52
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 00:26:46
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 21:27:16
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 22:39:39
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 22:39:39
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 22:39:39
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 22:39:39
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 22:39:39
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 22:39:39
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 22:39:39
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 22:39:39
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 22:39:39
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 22:39:39
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 04:23:58
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 21:13:32
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 21:13:33
VBASE017.VDF   : 7.11.26.242     2048 Bytes  04.04.2012 21:13:33
VBASE018.VDF   : 7.11.26.243     2048 Bytes  04.04.2012 21:13:33
VBASE019.VDF   : 7.11.26.244     2048 Bytes  04.04.2012 21:13:33
VBASE020.VDF   : 7.11.26.245     2048 Bytes  04.04.2012 21:13:33
VBASE021.VDF   : 7.11.26.246     2048 Bytes  04.04.2012 21:13:34
VBASE022.VDF   : 7.11.26.247     2048 Bytes  04.04.2012 21:13:34
VBASE023.VDF   : 7.11.26.248     2048 Bytes  04.04.2012 21:13:34
VBASE024.VDF   : 7.11.26.249     2048 Bytes  04.04.2012 21:13:34
VBASE025.VDF   : 7.11.26.250     2048 Bytes  04.04.2012 21:13:34
VBASE026.VDF   : 7.11.26.251     2048 Bytes  04.04.2012 21:13:34
VBASE027.VDF   : 7.11.26.252     2048 Bytes  04.04.2012 21:13:34
VBASE028.VDF   : 7.11.26.253     2048 Bytes  04.04.2012 21:13:34
VBASE029.VDF   : 7.11.26.254     2048 Bytes  04.04.2012 21:13:34
VBASE030.VDF   : 7.11.26.255     2048 Bytes  04.04.2012 21:13:34
VBASE031.VDF   : 7.11.27.14     14336 Bytes  04.04.2012 21:13:34
Engineversion  : 8.2.10.38 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  09.12.2011 11:39:53
AESCRIPT.DLL   : 8.1.4.16      446842 Bytes  04.04.2012 21:13:51
AESCN.DLL      : 8.1.8.2       131444 Bytes  28.01.2012 15:37:31
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 14:54:30
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.9      807287 Bytes  31.03.2012 04:24:03
AEOFFICE.DLL   : 8.1.2.27      201082 Bytes  04.04.2012 21:13:50
AEHEUR.DLL     : 8.1.4.12     4604278 Bytes  04.04.2012 21:13:49
AEHELP.DLL     : 8.1.19.1      254327 Bytes  04.04.2012 21:13:35
AEGEN.DLL      : 8.1.5.23      409973 Bytes  07.03.2012 21:05:41
AEEXP.DLL      : 8.1.0.28       82292 Bytes  04.04.2012 21:13:51
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 17:39:22
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  09.12.2011 11:39:57
AVPREF.DLL     : 12.1.0.17      51920 Bytes  09.12.2011 11:39:55
AVREP.DLL      : 12.1.0.17     179408 Bytes  09.12.2011 11:39:55
AVARKT.DLL     : 12.1.0.23     209360 Bytes  16.02.2012 05:29:27
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  09.12.2011 11:39:54
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  09.12.2011 11:40:07
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  09.12.2011 11:39:56
NETNT.DLL      : 12.1.0.17      17104 Bytes  09.12.2011 11:40:03
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  09.12.2011 11:40:18
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  09.12.2011 11:40:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Donnerstag, 5. April 2012  01:14

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'sbservice.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareDMS.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSloader.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'eAudio.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '177' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobilityService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'FsUsbExService.Exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'brss01a.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTProTS.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLHNService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'brsvc01a.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '141' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1235' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6257154a-40364c28
  [0] Archivtyp: ZIP
  --> bax.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b39be8b-267b01df
  [0] Archivtyp: ZIP
  --> Photo.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d76550c-4881728a
  [0] Archivtyp: ZIP
  --> cr.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.ET
  --> G.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EU
  --> ua.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.EV
  --> ub.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.ES
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\78e2444c-59ce3de8
  [0] Archivtyp: ZIP
  --> Translate.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30c08a91-77cb5d99
  [0] Archivtyp: ZIP
  --> Photo.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67c69e11-7adf2233
  [0] Archivtyp: ZIP
  --> ta/tb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CZ
  --> ta/ta.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
  --> ta/L.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\165f57c2-108daa08
  [0] Archivtyp: ZIP
  --> a/Test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  --> a/Msgs.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\728a1d82-4717ad02
  [0] Archivtyp: ZIP
  --> Market.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\193cd055-660da22e
  [0] Archivtyp: ZIP
  --> photo/Crop.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/2010-0840.Q
  --> photo/Zoom.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1c7ed395-4141cfcb
  [0] Archivtyp: ZIP
  --> Applet.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452
  --> z.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.J
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-1e4bd70b
  [0] Archivtyp: ZIP
  --> a/Test.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  --> a/Help.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\78c10d1b-48081999
  [0] Archivtyp: ZIP
  --> Update.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\19928adf-22843fb4
  [0] Archivtyp: ZIP
  --> cc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DP.1
  --> Dot.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DQ.1
  --> ll.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DR.1
  --> lz.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DS.1
  --> cd.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DT.1
  --> cb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DU.1
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7679fe61-16288d62
  [0] Archivtyp: ZIP
  --> ta/ta.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
  --> ta/L.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7135ddab-5f99353e
  [0] Archivtyp: ZIP
  --> Photo.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6dfaef34-1d014d7b
  [0] Archivtyp: ZIP
  --> json/Search.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  --> json/ThreadParser.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.H
  --> json/XSLT.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.P
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\280b3877-105c4176
  [0] Archivtyp: ZIP
  --> photo/MultiZoom.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoader.AY
  --> photo/Zoom.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\66f3c038-6ed573db
  [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.6553621
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7517c83a-458a24d5
  [0] Archivtyp: ZIP
  --> v1.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.AG
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7b781448-3747c428
  [0] Archivtyp: ZIP
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0094.CA
  --> fa.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.BY
  --> fb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7b781448-3747c428
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7517c83a-458a24d5
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.AG
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\66f3c038-6ed573db
  [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Sinowal.6553621
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\280b3877-105c4176
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\6dfaef34-1d014d7b
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Blacole.P
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7135ddab-5f99353e
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7679fe61-16288d62
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\19928adf-22843fb4
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.DU.1
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\78c10d1b-48081999
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5bf70e57-1e4bd70b
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.D.1
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\1c7ed395-4141cfcb
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.J
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\193cd055-660da22e
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\728a1d82-4717ad02
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\165f57c2-108daa08
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Loader.Gen
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\67c69e11-7adf2233
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\30c08a91-77cb5d99
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\78e2444c-59ce3de8
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d76550c-4881728a
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.ES
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b39be8b-267b01df
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [WARNUNG]   Die Datei wurde ignoriert.
C:\Users\Pegasuz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6257154a-40364c28
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Donnerstag, 5. April 2012  02:24
Benötigte Zeit:  1:09:40 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  24424 Verzeichnisse wurden überprüft
 546480 Dateien wurden geprüft
     42 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 546438 Dateien ohne Befall
   3317 Archive wurden durchsucht
     20 Warnungen
      1 Hinweise
 808301 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

cosinus · 05.04.2012, 20:30

Also die Fragen will ich dir gern später beantworten, sonst unterbricht man immer die Analyse.
Du hast jetzt SauAlarm deinstalliert? Wenn ja

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Pegasuz · 05.04.2012, 23:38

Jepp ZoneAlarm ist weg und die Windows Firewall wieder aktiv.

Hier das OTL Log:

Code:

ATTFilter

OTL logfile created on: 05.04.2012 22:37:48 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = D:\New Folder\Incoming
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,41% Memory free
5,99 Gb Paging File | 4,40 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 24,21 Gb Free Space | 17,03% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 113,58 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Drive E: | 5,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PEGASUZ2 | User Name: Pegasuz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\New Folder\Incoming\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Secure Banking\v1.4\SecureBanking.exe (Secure Banking)
PRC - C:\Programme\Secure Banking\v1.4\sbservice.exe ()
PRC - C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\DTProTS\DTProTS.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\80aba431ed15e3d3cd88e0a6ebd7f749\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\389da1e0e62a532f956f05709447e8aa\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6b80af748bbb01fead3aefa778d2a30a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ae40bbaf5a559e09ab86abb4a0e3b82a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\32f4b9aa5accef0f0b9634f612045b69\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b09b3c662a1d39ed782f8c54c62a4067\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Secure Banking\v1.4\SecureBanking.dll ()
MOD - C:\Users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Programme\Secure Banking\v1.4\funcs.dll ()
MOD - C:\Programme\Secure Banking\v1.4\sbservice.exe ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libzvbi_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libswscale_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libspudec_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libyuvp_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libsdl_image_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\librawvideo_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libscale_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libfreetype_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libinvmem_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libi422_i420_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libavcodec_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdvbsub_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdirect3d_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libblend_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libcvdsub_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libdrawable_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Programme\VideoLAN\VLC\vlc.exe ()
MOD - C:\Programme\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libadpcm_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liba52_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Programme\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Programme\WinRAR\rarext.dll ()
MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Programme\RocketDock\RocketDock.exe ()
MOD - C:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SamsungAllShareV2.0) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe (Acer Incorporated)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (DTProTS) -- C:\Programme\DTProTS\DTProTS.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- system32\drivers\RTKVHDA.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (cmnsusbser) -- system32\DRIVERS\cmnsusbser.sys File not found
DRV - (atqxz1ce) --  File not found
DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\DRIVERS\avkmgr.sys (Avira GmbH)
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.SYS ()
DRV - (ssmdrv) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (sscemdm) -- C:\Windows\System32\DRIVERS\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\DRIVERS\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\DRIVERS\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\DRIVERS\sscemdfl.sys (MCCI Corporation)
DRV - (ss_bmdm) -- C:\Windows\System32\DRIVERS\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\DRIVERS\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\DRIVERS\ss_bmdfl.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation)
DRV - (hidshim) -- C:\Windows\System32\DRIVERS\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\DRIVERS\netw5v32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (XAudio) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (AVMUNET) -- C:\Windows\System32\DRIVERS\avmunet.sys (AVM GmbH)
DRV - (AFPAnsi) -- C:\Windows\System32\Drivers\AFPAnsi.sys (Alfa Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.12startseite.de/index.php"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Pegasuz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.02.24 09:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions
[2010.05.30 14:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.13 18:40:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012.04.04 22:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions
[2012.04.04 22:51:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.22 08:51:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Pegasuz\AppData\Roaming\mozilla\Firefox\Profiles\2xmvettj.default\extensions\support@lastpass.com
[2012.04.04 22:51:44 | 000,002,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Mozilla\Firefox\Profiles\2xmvettj.default\searchplugins\wot-safe-search.xml
[2012.04.05 20:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
[2012.04.05 20:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PEGASUZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2XMVETTJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.19 23:06:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2000.01.01 01:00:00 | 000,000,794 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Pegasuz\AppData\Local\Temp\cpes_clean_launcher.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000..\Run: [SecureBanking] C:\Programme\Secure Banking\v1.4\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MICROS~4\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3659569405-2327324472-3049137322-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C5F150D-4CA5-4E28-A2A7-3BC269E2EFAD}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A96DDCA-6073-439C-BDCE-DC4BF86E933D}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{02fd1b56-584d-11df-a5f4-001f16be9587}\Shell\AutoRun\command - "" = J:\preinst.exe
O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f03283-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f0328d-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{12f03298-0571-11e1-9179-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{37dd83cc-57f5-11df-a13d-001f16be9587}\Shell\AutoRun\command - "" = I:\preinst.exe
O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{614d254d-8f85-11df-804a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{63b23e4d-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{63b23e55-8267-11df-8c5f-001e657ece4c}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4a52cd-8752-11df-b642-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8ac17976-b854-11de-88c9-001e657ece4c}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b58dfcd-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{8b58dfd0-97ee-11df-a5ae-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{a54171c8-022d-11e0-aed3-001f16be9587}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{ab371969-d057-11de-9019-001f16be9587}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac721ece-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell - "" = AutoRun
O33 - MountPoints2\{ac721ed0-8442-11df-800a-001e657ece4c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca98c62e-4a6e-11df-8aa0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP95.EXE
O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{e57b67c4-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell - "" = AutoRun
O33 - MountPoints2\{e57b67c7-b1db-11df-9e23-001f16be9587}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.713674863367620167f76.exe.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk - C:\Users\Pegasuz\AppData\Local\vghd\bin\vghd.exe - (Totem Entertainment)
MsConfig - StartUpFolder: C:^Users^Pegasuz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= -  File not found
MsConfig - StartUpReg: AllShareAgent - hkey= - key= - C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VSPX - C:\Windows\System32\vspxvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.05 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2012.04.05 00:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.04 22:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.04 22:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2012.04.04 22:24:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Pegasuz\Desktop\aswMBR.exe
[2012.04.04 21:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secure Banking
[2012.04.02 00:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.31 06:30:48 | 000,000,000 | ---D | C] -- C:\Users\Pegasuz\AppData\Roaming\Malwarebytes
[2012.03.31 06:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 06:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 06:30:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.31 06:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.23 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions
[2012.03.23 19:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.03.12 14:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowBladeTN3ENG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.05 21:14:06 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 21:14:06 | 000,016,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 17:34:57 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.05 17:34:57 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.05 17:34:57 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.05 17:34:57 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.05 17:30:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.05 17:22:04 | 000,066,537 | ---- | M] () -- C:\Users\Pegasuz\Desktop\Rechnung März.pdf
[2012.04.05 16:24:24 | 000,000,502 | ---- | M] () -- C:\Windows\wiso.ini
[2012.04.05 16:23:10 | 000,034,680 | ---- | M] () -- C:\Users\Pegasuz\Desktop\Stunden März.pdf
[2012.04.04 22:51:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 22:36:30 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
[2012.04.04 22:23:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Pegasuz\Desktop\aswMBR.exe
[2012.03.23 18:38:59 | 000,378,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.05 17:22:03 | 000,066,537 | ---- | C] () -- C:\Users\Pegasuz\Desktop\Rechnung März.pdf
[2012.04.05 16:23:10 | 000,034,680 | ---- | C] () -- C:\Users\Pegasuz\Desktop\Stunden März.pdf
[2012.04.04 22:51:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 22:36:30 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
[2011.09.12 16:10:00 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2011.09.12 16:09:59 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.09.12 16:09:59 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.06.07 16:52:29 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.20 19:31:20 | 000,000,502 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.09.19 18:04:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.07.11 17:32:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.11 17:32:52 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.25 01:00:30 | 000,007,601 | ---- | C] () -- C:\Users\Pegasuz\AppData\Local\Resmon.ResmonCfg
[2010.05.21 21:34:06 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.05.16 14:23:44 | 000,019,456 | ---- | C] () -- C:\Users\Pegasuz\AppData\Local\WebpageIcons.db
[2010.05.07 15:37:21 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
 
========== LOP Check ==========
 
[2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.#
[2009.12.23 15:14:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Acer GameZone Console
[2011.03.20 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Buhl Data Service
[2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint
[2011.11.29 15:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\DAEMON Tools Pro
[2011.11.14 08:18:09 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVU
[2011.09.26 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient
[2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\LG Electronics
[2012.01.13 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\LolClient
[2012.01.24 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Metaversum
[2011.06.08 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\PopCapv1003
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\PowerCinema
[2012.02.22 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\QuickScan
[2011.07.21 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\RenPy
[2010.05.21 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SAD
[2011.12.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Samsung
[2011.10.14 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecondLife
[2010.05.17 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Senosoft
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SoftDMA
[2010.03.20 18:37:20 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Thunderbird
[2011.04.01 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TS3Client
[2010.05.09 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.02.12 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Unity
[2012.02.07 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\uTorrent
[2012.01.14 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\VenusHostage
[2011.12.24 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Vista Start Menu
[2012.03.23 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,030,112 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.13 10:52:50 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{2547A0A8-7423-4C11-8E25-12E177C73BCC}.job
[2012.04.04 22:36:30 | 000,000,536 | ---- | M] () -- C:\Windows\Tasks\{BA37C855-184C-4BDB-95D3-9588C533021B}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.19 11:21:58 | 000,000,000 | -HSD | M] -- C:\Users\Pegasuz\AppData\Roaming\.#
[2009.12.23 15:14:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Acer GameZone Console
[2011.04.01 17:36:22 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Adobe
[2012.01.02 06:07:18 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Apple Computer
[2010.05.24 22:45:30 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\ATI
[2011.12.18 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Avira
[2011.03.20 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Buhl Data Service
[2009.12.27 06:31:00 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CheckPoint
[2010.04.04 13:11:30 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\CyberLink
[2011.11.29 15:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\DAEMON Tools Pro
[2011.10.19 23:04:48 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\dvdcss
[2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Identities
[2011.11.14 08:18:09 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVU
[2011.09.26 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient
[2011.09.12 16:07:32 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\InstallShield
[2009.12.23 15:14:01 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\LG Electronics
[2012.01.13 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\LolClient
[2009.12.23 15:14:02 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Macromedia
[2012.03.31 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Media Center Programs
[2011.11.29 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Media Player Classic
[2012.01.24 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Metaversum
[2011.08.05 08:28:34 | 000,000,000 | --SD | M] -- C:\Users\Pegasuz\AppData\Roaming\Microsoft
[2012.02.24 09:23:50 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Mozilla
[2011.06.08 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\PopCapv1003
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\PowerCinema
[2012.02.22 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\QuickScan
[2011.07.21 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\RenPy
[2010.05.21 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SAD
[2011.12.16 22:50:15 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Samsung
[2011.10.14 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecondLife
[2010.04.21 23:51:17 | 000,000,000 | RH-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SecuROM
[2010.05.17 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Senosoft
[2012.04.04 22:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Skype
[2009.12.23 15:14:09 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\SoftDMA
[2010.03.20 18:37:20 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\Thunderbird
[2011.04.01 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TS3Client
[2010.05.09 17:08:07 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.02.12 13:23:59 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Unity
[2012.02.07 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\uTorrent
[2012.01.14 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\VenusHostage
[2011.12.24 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\Vista Start Menu
[2012.03.12 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\vlc
[2012.03.23 19:47:05 | 000,000,000 | ---D | M] -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions
[2009.12.23 15:14:10 | 000,000,000 | -H-D | M] -- C:\Users\Pegasuz\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.02.08 00:11:20 | 007,509,008 | ---- | M] (Vivox, Inc.) -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\1VivoxVoice.exe
[2011.08.17 03:13:16 | 000,012,288 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint.exe
[2011.08.17 03:13:16 | 000,158,208 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint_old.exe
[2011.07.27 18:28:54 | 000,009,216 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\devicefingerprint_v94.exe
[2011.08.30 23:06:02 | 000,053,504 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUClient.exe
[2011.08.30 23:06:04 | 000,022,784 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
[2011.08.30 23:06:04 | 000,097,200 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\IMVUupdater.exe
[2011.07.30 01:55:56 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\plugin-container.exe
[2011.09.26 15:17:50 | 000,077,973 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\Uninstall.exe
[2011.04.28 20:51:30 | 000,049,664 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\w9xpopen.exe
[2011.08.16 23:34:00 | 000,134,144 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\WriteMiniDump.exe
[2011.09.26 15:17:02 | 022,758,128 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe
[2011.06.12 12:16:53 | 000,010,134 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.06.12 12:16:53 | 000,000,766 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2011.08.05 10:03:39 | 000,017,542 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_640ECEF665E5906E76DC9D.exe
[2011.08.05 10:03:39 | 000,017,542 | R--- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_96E62DE38A7F692104A23B.exe
[2011.01.31 03:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2009.06.04 13:51:24 | 001,413,256 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe
[2009.06.04 13:51:24 | 001,413,256 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\G\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | RH-- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGSetCDROMAutoRun.exe
[2012.02.21 20:22:05 | 037,411,800 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\AllShare\AllShare_2.1.0.12013_8.exe
[2011.05.24 19:30:10 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.01.30 00:17:04 | 000,075,112 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\DriverChecker.exe
[2011.05.11 18:41:08 | 000,934,800 | ---- | M] (Samsung) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.05.11 18:41:12 | 000,278,928 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.01.30 00:17:10 | 000,040,312 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesMobileDeviceService.exe
[2011.05.11 18:41:10 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.01.30 00:17:12 | 000,207,696 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\lame.exe
[2011.01.30 00:17:18 | 000,195,416 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\oggenc.exe
[2011.04.27 07:19:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.04.27 07:19:58 | 000,283,136 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.04.27 07:19:58 | 000,659,456 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.01.30 00:17:28 | 000,025,960 | ---- | M] (Teruten Inc) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsExService64.exe
[2011.01.30 00:17:32 | 000,222,568 | ---- | M] (Teruten) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FsUsbExService.exe
[2011.01.30 00:17:36 | 000,142,696 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\FUSBCommander.exe
[2011.04.27 07:19:58 | 000,107,008 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe
[2011.05.11 18:41:16 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.05.11 18:41:18 | 000,131,984 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.05.11 18:41:20 | 000,019,856 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.05.11 18:41:22 | 004,661,464 | ---- | M] () -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.01.30 00:17:44 | 000,226,648 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV.exe
[2011.01.30 00:17:48 | 000,066,904 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\SelfMV2.exe
[2011.01.30 00:17:52 | 000,079,192 | ---- | M] (ENJsoft corp.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\TransModules\TG_CAM.exe
[2011.05.02 16:31:28 | 020,636,968 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.06.24 08:54:50 | 000,358,800 | ---- | M] (ml) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2011.08.01 05:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Users\Pegasuz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2012.03.23 19:43:14 | 003,712,432 | ---- | M] (WindSolutions) -- C:\Users\Pegasuz\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.02.28 20:19:54 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:364682BC

< End of report >

04.04.2012, 22:48	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	100€ Virus (mor.exe) Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> 100€ Virus (mor.exe)

100€ Virus (mor.exe)

Plagegeister aller Art und deren Bekämpfung: 100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

100€ Virus (mor.exe)

Ähnliche Themen: 100€ Virus (mor.exe)

30.03.2012, 01:19	#1
Pegasuz	100€ Virus (mor.exe) Hallo, habe mir die bereits öfter erwähnte mor.exe eingefangen, welche sich nur durch rechnerneustart schließen lies. Die datei selber im temp ordner ließ sich problemlos löschen, bin aber eben nicht sicher ob wirklich schon alles entfernt ist. Danke für eure Hilfe

04.04.2012, 22:54	#7
Pegasuz	100€ Virus (mor.exe) hi, 1. Ja Windows läßt sich normal starten 2. Im Startmenü ist auch alles ok 3. Was mir aufgefallen ist, der "AppData" Ordner unter meinem Benutzernamen war versteckt, ließ sich aber durch ändern der Ordneroptionen wieder sichtbar machen. (habe normaleweise nie ordner versteckt/unsichtbar) MfG