Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner

Dwarf36 · 14.05.2012, 10:07

Guten Morgen liebes Trojaner-Board-Team,

am Freitag abend hat mein Anitvirenprogramm Panda Cloud Pro bei einem Komplett-scan offensichtlich zwei Exploit-Trojaner CVE-2011-3544 gefunden.

Ich bin nun nicht ganz sicher, wie schädlich diese Trojaner nun wirklich sind bzw. ob es vielleicht ein Fehlalarm war.

Hier die Panda-Meldung:

Trojaner erkannt Exploit/CVE-2011-3544 11.05.2012 21:34:53 Gelöscht
Speicherort: C:\Documents and Settings\Admin\Local Settings\Temp\jar_cache83257024404009451.tmp

Trojaner erkannt Exploit/CVE-2011-3544 11.05.2012 21:34:53 Gelöscht
Speicherort: C:\Documents and Settings\Admin\Local Settings\Temp\jar_cache7245202067117167114.tmp

Nachdem ich dann einen MbAM bzw ESET Komplettscan gemacht habe, erhielt ich folgenden log:

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: XXX-02 [Administrator]

12.05.2012 10:03:31
mbam-log-2012-05-12 (10-03-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 348978
Laufzeit: 1 Stunde(n), 44 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\_restore{91F269A0-A726-47C4-96C4-2E139E1AEA1C}\RP944\A0163335.rbf (PUP.Dealio.TB) -> Keine Aktion durchgeführt.

(Ende)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ESET

C:\Documents and Settings\Admin\Local Settings\Temp\_ir_sf_temp_0\flvinstaller.exe Win32/DownloadAdmin.A.Gen application

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Danach habe ich einen OTL-log erstellt:

OTL logfile created on: 12.05.2012 16:02:41 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 74,56% Memory free
4,84 Gb Paging File | 4,23 Gb Available in Paging File | 87,42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 161,81 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
Drive D: | 6,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: xxx-02 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Documents and Settings\Admin\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\PLFSetI.exe ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (MZCCntrl) -- C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (kxddqpow) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\kxddqpow.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NETwLx32) Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (filtertdidriver) -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys (Huawei Technologies Co., Ltd.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (itecir) -- C:\WINDOWS\system32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (MACNDIS5) -- C:\Program Files\Common Files\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (jatmlano) -- C:\Documents and Settings\klst\Local Settings\Temp\jatmlano.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {D2BA9B10-C970-4068-A295-B849275C5E9F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKCU\..\SearchScopes\{4EE3A5CE-E0B5-4D61-8F8E-9F661FB98BDB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{D2BA9B10-C970-4068-A295-B849275C5E9F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{D5E322B5-5DCE-4DEC-931A-F5A6CFEAEF25}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F571603B-B18B-446D-908D-6D938175A474}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.22 19:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.03 09:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2011.02.21 09:28:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012.04.30 18:56:17 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [1und1Dispatcher] C:\Program Files\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with mvc-ipad-software-suite-pro - C:\Program Files\mediAvatar\iPad Software Suite Pro\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} hxxp://versionone/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} hxxp://versionone/projectserver/objects/1033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC90F98-68D5-46BE-9D0C-4D977498C6BB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 15:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.12 16:00:55 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012.05.12 13:37:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
[2012.05.12 13:16:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012.05.12 13:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.05.12 13:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 23:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.11 22:52:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2012.05.08 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012.05.05 10:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Search Settings
[2012.05.05 10:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.05 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.05 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.04.30 18:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Miro
[2012.04.30 18:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Participatory Culture Foundation
[2012.04.30 18:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2012.04.30 18:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2012.04.30 18:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012.04.30 18:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.04.30 18:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.04.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\mediAvatar
[2012.04.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\mediAvatar
[2012.04.18 13:02:35 | 000,000,000 | ---D | C] -- C:\temp
[2011.12.06 16:12:30 | 000,050,176 | ---- | C] (Gunnar Blumert Softwareentwicklung) -- C:\Program Files\WinRail 7.0WR3D.enu
[2011.01.16 13:34:48 | 070,984,344 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Samsung_PC_Studio_322_HF1.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.12 16:03:01 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 16:02:21 | 431,730,464 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.05.12 16:01:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012.05.12 16:01:00 | 011,424,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012.05.12 15:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.12 13:37:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
[2012.05.12 13:36:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012.05.12 13:35:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012.05.12 13:32:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe
[2012.05.12 13:29:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.12 13:05:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.12 10:03:04 | 000,484,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.12 10:03:04 | 000,080,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.12 09:58:51 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.12 09:58:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-115176313-839522115-1003.job
[2012.05.12 09:58:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.12 09:57:30 | 005,787,344 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.05.12 09:57:30 | 001,075,892 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012.05.12 08:46:26 | 000,033,628 | ---- | M] () -- C:\WINDOWS\TempCloudAV0512064520_652.csv
[2012.05.11 22:51:12 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Secure Eraser.lnk
[2012.05.11 22:48:44 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.11 22:11:27 | 000,008,910 | ---- | M] () -- C:\WINDOWS\TempCloudAV0511201000_652.csv
[2012.05.11 22:07:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 22:02:16 | 000,147,990 | ---- | M] () -- C:\WINDOWS\TempCloudAV0511052415_1092.csv
[2012.05.11 20:45:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012.05.11 19:18:00 | 1199,882,154 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).ipad.mp4
[2012.05.11 18:20:36 | 000,001,742 | -H-- | M] () -- C:\Documents and Settings\Admin\My Documents\Default.rdp
[2012.05.11 17:43:58 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.11 17:30:10 | 988,551,973 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Street Fighter (1994).ipad.mp4
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{ABFD01D0-37BD-4458-B384-7596EC0661D7}_KLST-02_Admin.job
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{1D61C1B1-17FD-49B6-948A-6E1DC5CA11C8}_KLST-02_Admin.job
[2012.05.11 13:56:12 | 925,346,837 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\The Shepherd - Border Patrol[2008].ipad.mp4
[2012.05.11 10:00:38 | 916,693,417 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Resident Evil 3 - Extinction.ipad.mp4
[2012.05.11 09:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{C7BF4CC6-D3E5-490D-BE80-E2E8FF8581A2}_KLST-02_Admin.job
[2012.05.11 08:26:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012.05.11 07:23:55 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.08 22:02:36 | 004,518,228 | ---- | M] () -- C:\WINDOWS\TempCloudAV0508061533_740.csv
[2012.05.08 12:23:11 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012.05.06 17:59:15 | 000,061,565 | ---- | M] () -- C:\WINDOWS\TempCloudAV0506154640_688.csv
[2012.05.04 21:53:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.04 21:53:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.05.04 21:10:18 | 000,003,872 | ---- | M] () -- C:\WINDOWS\TempCloudAV0504191002_664.csv
[2012.05.04 10:35:59 | 000,008,199 | ---- | M] () -- C:\WINDOWS\TempCloudAV0504083514_1880.csv
[2012.05.03 20:02:33 | 000,474,503 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\FLT_USQKST27533_0.pdf
[2012.05.02 13:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.05.01 20:35:14 | 003,778,897 | ---- | M] () -- C:\WINDOWS\TempCloudAV0501084950_648.csv
[2012.04.30 17:14:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-115176313-839522115-1003.job
[2012.04.27 08:24:56 | 000,025,075 | ---- | M] () -- C:\WINDOWS\TempCloudAV0427062432_1120.csv
[2012.04.24 19:10:54 | 006,070,962 | ---- | M] () -- C:\WINDOWS\TempCloudAV0424065012_628.csv
[2012.04.24 08:04:38 | 000,080,071 | ---- | M] () -- C:\WINDOWS\TempCloudAV0424060219_632.csv
[2012.04.23 19:33:03 | 006,868,959 | ---- | M] () -- C:\WINDOWS\TempCloudAV0423055646_808.csv
[2012.04.22 19:10:18 | 000,098,137 | ---- | M] () -- C:\WINDOWS\TempCloudAV0422163416_1188.csv
[2012.04.21 15:54:42 | 001,237,424 | ---- | M] () -- C:\WINDOWS\TempCloudAV0421071622_1012.csv
[2012.04.20 21:58:45 | 006,907,068 | ---- | M] () -- C:\WINDOWS\TempCloudAV0420053257_1312.csv
[2012.04.20 07:25:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\TempCloudAV0420052245_740.csv
[2012.04.19 10:28:59 | 000,015,830 | ---- | M] () -- C:\WINDOWS\TempCloudAV0419082606_792.csv
[2012.04.17 10:40:16 | 000,057,283 | ---- | M] () -- C:\WINDOWS\TempCloudAV0417083911_1900.csv
[2012.04.13 15:02:35 | 007,687,429 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\TextureSamples.zip
[2012.04.13 08:42:56 | 000,282,631 | ---- | M] () -- C:\WINDOWS\TempCloudAV0413062346_1248.csv
[2012.04.12 22:27:51 | 005,412,997 | ---- | M] () -- C:\WINDOWS\TempCloudAV0412060519_1164.csv
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.12 13:36:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012.05.12 13:35:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012.05.12 13:32:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe
[2012.05.12 13:05:42 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.12 08:45:56 | 000,033,628 | ---- | C] () -- C:\WINDOWS\TempCloudAV0512064520_652.csv
[2012.05.11 22:51:12 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Secure Eraser.lnk
[2012.05.11 22:10:16 | 000,008,910 | ---- | C] () -- C:\WINDOWS\TempCloudAV0511201000_652.csv
[2012.05.11 22:07:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 17:44:16 | 1199,882,154 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).ipad.mp4
[2012.05.11 17:39:52 | 1416,542,208 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).avi
[2012.05.11 16:26:31 | 988,551,973 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Street Fighter (1994).ipad.mp4
[2012.05.11 12:48:47 | 925,346,837 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\The Shepherd - Border Patrol[2008].ipad.mp4
[2012.05.11 09:06:56 | 916,693,417 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Resident Evil 3 - Extinction.ipad.mp4
[2012.05.11 07:25:46 | 000,147,990 | ---- | C] () -- C:\WINDOWS\TempCloudAV0511052415_1092.csv
[2012.05.08 12:23:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012.05.08 08:16:26 | 004,518,228 | ---- | C] () -- C:\WINDOWS\TempCloudAV0508061533_740.csv
[2012.05.06 17:47:32 | 000,061,565 | ---- | C] () -- C:\WINDOWS\TempCloudAV0506154640_688.csv
[2012.05.04 21:10:17 | 000,003,872 | ---- | C] () -- C:\WINDOWS\TempCloudAV0504191002_664.csv
[2012.05.04 10:35:29 | 000,008,199 | ---- | C] () -- C:\WINDOWS\TempCloudAV0504083514_1880.csv
[2012.05.03 20:02:33 | 000,474,503 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\FLT_USQKST27533_0.pdf
[2012.05.01 10:50:15 | 003,778,897 | ---- | C] () -- C:\WINDOWS\TempCloudAV0501084950_648.csv
[2012.04.27 08:24:49 | 000,025,075 | ---- | C] () -- C:\WINDOWS\TempCloudAV0427062432_1120.csv
[2012.04.24 08:53:33 | 006,070,962 | ---- | C] () -- C:\WINDOWS\TempCloudAV0424065012_628.csv
[2012.04.24 08:03:01 | 000,080,071 | ---- | C] () -- C:\WINDOWS\TempCloudAV0424060219_632.csv
[2012.04.23 07:57:06 | 006,868,959 | ---- | C] () -- C:\WINDOWS\TempCloudAV0423055646_808.csv
[2012.04.22 18:34:47 | 000,098,137 | ---- | C] () -- C:\WINDOWS\TempCloudAV0422163416_1188.csv
[2012.04.21 09:18:50 | 001,237,424 | ---- | C] () -- C:\WINDOWS\TempCloudAV0421071622_1012.csv
[2012.04.20 08:02:53 | 006,907,068 | ---- | C] () -- C:\WINDOWS\TempCloudAV0420053257_1312.csv
[2012.04.20 07:25:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TempCloudAV0420052245_740.csv
[2012.04.19 10:26:14 | 000,015,830 | ---- | C] () -- C:\WINDOWS\TempCloudAV0419082606_792.csv
[2012.04.17 10:40:00 | 000,057,283 | ---- | C] () -- C:\WINDOWS\TempCloudAV0417083911_1900.csv
[2012.04.13 15:02:34 | 007,687,429 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\TextureSamples.zip
[2012.04.13 08:23:54 | 000,282,631 | ---- | C] () -- C:\WINDOWS\TempCloudAV0413062346_1248.csv
[2012.02.15 09:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.26 13:09:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2011.11.08 11:22:41 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011.11.08 11:22:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011.09.20 10:27:35 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Albatros.ini
[2011.03.18 12:19:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.02.21 09:27:22 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011.01.03 09:44:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.23 23:16:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\AVSMediaPlayer.m3u
[2010.05.19 22:20:23 | 000,049,248 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA3BBF2

< End of report >

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Zwischendurch hatte ich bereits eine "Defogger"- bzw CCleaner Durchlauf. Auch DDS/Attach bzw. Gmer-Logs wären zum Posten bereit (sollte es gewünscht sein)

Herzlichen Dank für Eure Hilfe im Voraus.

Viele Gruesse
Dwarf36

cosinus · 14.05.2012, 11:04

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Dwarf36 · 14.05.2012, 11:40

Hallo Arne,

ja, hatte ich schon mal. Allerdings in der Regel immer Quick-Scans.
Möchtest Du auch diese logs?

Der letzte Quick_Scan (vor dem bereits geposteten war am 22.11.11). Insgesamt wären es 12 logs die ich anzubieten hätte, von denen aber alle ohne Funde verblieben sind. Der letzte vollständige Scan ist vom 11.12.10.

Soll ich sie trotzdem alle posten?

Viele Gruesse
Klaus

cosinus · 14.05.2012, 12:37

Nee, wenn die wirklich alle ohne Funde sind brauch ich die jetzt nicht
ESET lief wie lange bei dir? Es hat nur eine Datei gefunden?

Dwarf36 · 14.05.2012, 12:53

Wenn ich mich recht erinnere, lief ESET etwas über eine Stunde. Bin mir jetzt aber nicht mehr hundertprozentig sicher da ich beim Start rausgegangen und irgendwann später zurückgekommen bin.

Die gepostete Datei ist die einzige von ESET als auffällig gefundene Datei bzw. in der TXT gespeichert, genau.

Viele Gruesse
Klaus

cosinus · 14.05.2012, 13:00

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Dwarf36 · 14.05.2012, 14:44

here we go...

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.05.2012 15:07:38 - Run 4
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,64% Memory free
4,84 Gb Paging File | 4,23 Gb Available in Paging File | 87,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 161,92 Gb Free Space | 69,53% Space Free | Partition Type: NTFS
Drive D: | 6,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: XXXX-02 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Documents and Settings\Admin\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\WINDOWS\PLFSetI.exe ()
PRC - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\PLFSetI.exe ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll ()
MOD - C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (MZCCntrl) -- C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NETwLx32)     Intel(R) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (filtertdidriver) -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys (Huawei Technologies Co., Ltd.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (BMLoad) -- C:\WINDOWS\system32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (itecir) -- C:\WINDOWS\system32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (MACNDIS5) -- C:\Program Files\Common Files\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (jatmlano) -- C:\Documents and Settings\klst\Local Settings\Temp\jatmlano.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes,DefaultScope = {D2BA9B10-C970-4068-A295-B849275C5E9F}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{4EE3A5CE-E0B5-4D61-8F8E-9F661FB98BDB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{D2BA9B10-C970-4068-A295-B849275C5E9F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{D5E322B5-5DCE-4DEC-931A-F5A6CFEAEF25}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{F571603B-B18B-446D-908D-6D938175A474}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.22 19:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.03 09:40:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2011.02.21 09:28:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012.04.30 18:56:17 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-329068152-115176313-839522115-1003..\Run: [1und1Dispatcher] C:\Program Files\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-329068152-115176313-839522115-1003..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with mvc-ipad-software-suite-pro - C:\Program Files\mediAvatar\iPad Software Suite Pro\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} hxxp://versionone/projectserver/objects/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} hxxp://versionone/projectserver/objects/1033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 15:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: pdfw - hkey= - key= - C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.12 16:00:55 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012.05.12 13:37:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
[2012.05.12 13:16:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012.05.12 13:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.05.12 13:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 23:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.11 22:52:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2012.05.08 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012.05.05 10:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Search Settings
[2012.05.05 10:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.05 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.05 10:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.04.30 18:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Miro
[2012.04.30 18:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Participatory Culture Foundation
[2012.04.30 18:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2012.04.30 18:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2012.04.30 18:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012.04.30 18:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.04.30 18:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.04.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\mediAvatar
[2012.04.30 18:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\mediAvatar
[2012.04.18 13:02:35 | 000,000,000 | ---D | C] -- C:\temp
[2011.12.06 16:12:30 | 000,050,176 | ---- | C] (Gunnar Blumert Softwareentwicklung) -- C:\Program Files\WinRail 7.0WR3D.enu
[2011.01.16 13:34:48 | 070,984,344 | ---- | C] (Macrovision Corporation) -- C:\Program Files\Samsung_PC_Studio_322_HF1.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 15:03:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.14 14:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.14 14:50:00 | 011,428,640 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2012.05.14 14:34:14 | 431,929,376 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.05.14 14:12:59 | 000,001,742 | -H-- | M] () -- C:\Documents and Settings\Admin\My Documents\Default.rdp
[2012.05.14 10:31:46 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.05.14 10:20:27 | 000,484,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.14 10:20:27 | 000,080,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.14 10:17:52 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.14 10:17:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.14 10:17:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-115176313-839522115-1003.job
[2012.05.14 10:07:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.12 22:45:17 | 005,791,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.05.12 22:45:17 | 001,076,372 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2012.05.12 22:44:56 | 000,908,249 | ---- | M] () -- C:\WINDOWS\TempCloudAV0512160811_520.csv
[2012.05.12 16:01:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012.05.12 13:37:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.com
[2012.05.12 13:36:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012.05.12 13:35:49 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012.05.12 13:32:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe
[2012.05.12 13:05:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.12 08:46:26 | 000,033,628 | ---- | M] () -- C:\WINDOWS\TempCloudAV0512064520_652.csv
[2012.05.11 22:51:12 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Secure Eraser.lnk
[2012.05.11 22:11:27 | 000,008,910 | ---- | M] () -- C:\WINDOWS\TempCloudAV0511201000_652.csv
[2012.05.11 22:07:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 22:02:16 | 000,147,990 | ---- | M] () -- C:\WINDOWS\TempCloudAV0511052415_1092.csv
[2012.05.11 20:45:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012.05.11 19:18:00 | 1199,882,154 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).ipad.mp4
[2012.05.11 17:43:58 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.11 17:30:10 | 988,551,973 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Street Fighter (1994).ipad.mp4
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{ABFD01D0-37BD-4458-B384-7596EC0661D7}_xxxx02_Admin.job
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{1D61C1B1-17FD-49B6-948A-6E1DC5CA11C8}_xxxx-02_Admin.job
[2012.05.11 13:56:12 | 925,346,837 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\The Shepherd - Border Patrol[2008].ipad.mp4
[2012.05.11 10:00:38 | 916,693,417 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Resident Evil 3 - Extinction.ipad.mp4
[2012.05.11 09:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{C7BF4CC6-D3E5-490D-BE80-E2E8FF8581A2}_KLST-02_Admin.job
[2012.05.11 08:26:07 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012.05.11 07:23:55 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.08 22:02:36 | 004,518,228 | ---- | M] () -- C:\WINDOWS\TempCloudAV0508061533_740.csv
[2012.05.08 12:23:11 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012.05.06 17:59:15 | 000,061,565 | ---- | M] () -- C:\WINDOWS\TempCloudAV0506154640_688.csv
[2012.05.04 21:10:18 | 000,003,872 | ---- | M] () -- C:\WINDOWS\TempCloudAV0504191002_664.csv
[2012.05.04 10:35:59 | 000,008,199 | ---- | M] () -- C:\WINDOWS\TempCloudAV0504083514_1880.csv
[2012.05.03 20:02:33 | 000,474,503 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\FLT_USQKST27533_0.pdf
[2012.05.02 13:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.05.01 20:35:14 | 003,778,897 | ---- | M] () -- C:\WINDOWS\TempCloudAV0501084950_648.csv
[2012.04.30 17:14:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-115176313-839522115-1003.job
[2012.04.27 08:24:56 | 000,025,075 | ---- | M] () -- C:\WINDOWS\TempCloudAV0427062432_1120.csv
[2012.04.24 19:10:54 | 006,070,962 | ---- | M] () -- C:\WINDOWS\TempCloudAV0424065012_628.csv
[2012.04.24 08:04:38 | 000,080,071 | ---- | M] () -- C:\WINDOWS\TempCloudAV0424060219_632.csv
[2012.04.23 19:33:03 | 006,868,959 | ---- | M] () -- C:\WINDOWS\TempCloudAV0423055646_808.csv
[2012.04.22 19:10:18 | 000,098,137 | ---- | M] () -- C:\WINDOWS\TempCloudAV0422163416_1188.csv
[2012.04.21 15:54:42 | 001,237,424 | ---- | M] () -- C:\WINDOWS\TempCloudAV0421071622_1012.csv
[2012.04.20 21:58:45 | 006,907,068 | ---- | M] () -- C:\WINDOWS\TempCloudAV0420053257_1312.csv
[2012.04.20 07:25:01 | 000,000,116 | ---- | M] () -- C:\WINDOWS\TempCloudAV0420052245_740.csv
[2012.04.19 10:28:59 | 000,015,830 | ---- | M] () -- C:\WINDOWS\TempCloudAV0419082606_792.csv
[2012.04.17 10:40:16 | 000,057,283 | ---- | M] () -- C:\WINDOWS\TempCloudAV0417083911_1900.csv
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.12 18:08:33 | 000,908,249 | ---- | C] () -- C:\WINDOWS\TempCloudAV0512160811_520.csv
[2012.05.12 13:36:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2012.05.12 13:35:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Defogger.exe
[2012.05.12 13:32:57 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe
[2012.05.12 13:05:42 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.05.12 08:45:56 | 000,033,628 | ---- | C] () -- C:\WINDOWS\TempCloudAV0512064520_652.csv
[2012.05.11 22:51:12 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Secure Eraser.lnk
[2012.05.11 22:10:16 | 000,008,910 | ---- | C] () -- C:\WINDOWS\TempCloudAV0511201000_652.csv
[2012.05.11 22:07:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 17:44:16 | 1199,882,154 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).ipad.mp4
[2012.05.11 17:39:52 | 1416,542,208 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Se7en (1995).avi
[2012.05.11 16:26:31 | 988,551,973 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Street Fighter (1994).ipad.mp4
[2012.05.11 12:48:47 | 925,346,837 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\The Shepherd - Border Patrol[2008].ipad.mp4
[2012.05.11 09:06:56 | 916,693,417 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Resident Evil 3 - Extinction.ipad.mp4
[2012.05.11 07:25:46 | 000,147,990 | ---- | C] () -- C:\WINDOWS\TempCloudAV0511052415_1092.csv
[2012.05.08 12:23:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012.05.08 08:16:26 | 004,518,228 | ---- | C] () -- C:\WINDOWS\TempCloudAV0508061533_740.csv
[2012.05.06 17:47:32 | 000,061,565 | ---- | C] () -- C:\WINDOWS\TempCloudAV0506154640_688.csv
[2012.05.04 21:10:17 | 000,003,872 | ---- | C] () -- C:\WINDOWS\TempCloudAV0504191002_664.csv
[2012.05.04 10:35:29 | 000,008,199 | ---- | C] () -- C:\WINDOWS\TempCloudAV0504083514_1880.csv
[2012.05.03 20:02:33 | 000,474,503 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\FLT_USQKST27533_0.pdf
[2012.05.01 10:50:15 | 003,778,897 | ---- | C] () -- C:\WINDOWS\TempCloudAV0501084950_648.csv
[2012.04.27 08:24:49 | 000,025,075 | ---- | C] () -- C:\WINDOWS\TempCloudAV0427062432_1120.csv
[2012.04.24 08:53:33 | 006,070,962 | ---- | C] () -- C:\WINDOWS\TempCloudAV0424065012_628.csv
[2012.04.24 08:03:01 | 000,080,071 | ---- | C] () -- C:\WINDOWS\TempCloudAV0424060219_632.csv
[2012.04.23 07:57:06 | 006,868,959 | ---- | C] () -- C:\WINDOWS\TempCloudAV0423055646_808.csv
[2012.04.22 18:34:47 | 000,098,137 | ---- | C] () -- C:\WINDOWS\TempCloudAV0422163416_1188.csv
[2012.04.21 09:18:50 | 001,237,424 | ---- | C] () -- C:\WINDOWS\TempCloudAV0421071622_1012.csv
[2012.04.20 08:02:53 | 006,907,068 | ---- | C] () -- C:\WINDOWS\TempCloudAV0420053257_1312.csv
[2012.04.20 07:25:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TempCloudAV0420052245_740.csv
[2012.04.19 10:26:14 | 000,015,830 | ---- | C] () -- C:\WINDOWS\TempCloudAV0419082606_792.csv
[2012.04.17 10:40:00 | 000,057,283 | ---- | C] () -- C:\WINDOWS\TempCloudAV0417083911_1900.csv
[2012.02.15 09:13:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.26 13:09:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2011.11.08 11:22:41 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011.11.08 11:22:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011.09.20 10:27:35 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Albatros.ini
[2011.03.18 12:19:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.02.21 09:27:22 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011.01.03 09:44:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.23 23:16:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\AVSMediaPlayer.m3u
[2010.05.19 22:20:23 | 000,049,248 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
 
========== LOP Check ==========
 
[2012.01.05 17:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\1&1 Mail & Media GmbH
[2009.08.17 00:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ASCOMP Software
[2012.04.30 18:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2009.06.01 12:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BonkEnc
[2009.08.04 21:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canneverbe_Limited
[2009.09.28 20:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.12 13:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2012.05.02 14:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dropbox
[2012.03.07 09:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\elsterformular
[2012.01.26 13:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HaCon
[2012.04.30 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\mediAvatar
[2009.10.01 14:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MuldeR
[2009.08.22 19:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nokia
[2009.05.20 15:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ooVoo Details
[2011.02.21 09:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Panda Security
[2011.02.21 09:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\pandasecuritytb
[2010.08.03 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite
[2011.03.18 12:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\pdfforge
[2009.12.03 23:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PlayFirst
[2009.05.26 14:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Samsung
[2012.05.05 10:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Search Settings
[2011.01.18 16:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SnejkyFruits
[2011.11.07 10:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SurfSecret Privacy Suite
[2009.11.27 19:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\T-Mobile
[2010.09.08 08:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager
[2009.09.01 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\T-Online
[2011.03.08 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Unity
[2011.08.22 15:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\yWorks
[2009.05.18 17:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OOVOOTOOLBAR
[2011.03.22 08:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012.04.30 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011.09.05 15:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011.03.04 15:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.11 12:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2012.01.26 13:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HaCon
[2009.08.22 19:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011.09.05 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010.08.07 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011.02.21 09:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012.05.14 10:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2008.11.11 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010.08.03 19:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.12.03 23:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011.08.04 09:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009.09.01 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T-Online
[2011.12.29 12:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.05 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UUdb
[2010.04.26 08:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008.12.16 08:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\BonkEnc
[2008.12.07 12:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\Canneverbe_Limited
[2009.04.24 09:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\dBpoweramp
[2009.01.09 15:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\MPEG Streamclip
[2009.03.12 12:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\MSNInstaller
[2008.11.14 13:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\OfficeUpdate12
[2008.12.17 17:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\ooVoo Details
[2008.12.18 19:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\klst\Application Data\oovooToolbar
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{1D61C1B1-17FD-49B6-948A-6E1DC5CA11C8}_xxxx-02_Admin.job
[2012.05.11 16:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{ABFD01D0-37BD-4458-B384-7596EC0661D7}_xxxx-02_Admin.job
[2012.05.11 09:00:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{C7BF4CC6-D3E5-490D-BE80-E2E8FF8581A2}_KLST-02_Admin.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.02.14 17:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010.04.26 08:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009.01.09 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011.03.22 08:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012.04.30 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2010.06.23 23:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011.09.05 15:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011.09.05 15:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2011.03.04 15:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.11 12:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2011.09.20 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2012.01.26 13:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HaCon
[2009.08.22 19:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008.12.17 17:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011.09.09 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2011.03.05 10:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010.08.03 09:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.08.03 19:54:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.09.05 15:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010.08.07 15:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2008.11.14 12:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011.02.21 09:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012.05.14 10:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2008.11.11 19:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010.08.03 19:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.12.03 23:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011.08.04 09:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010.12.03 09:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2012.03.26 08:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.02.09 21:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009.09.01 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\T-Online
[2011.12.29 12:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012.01.05 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UUdb
[2008.11.11 16:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010.04.26 08:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.02.04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\19398\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\19398\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\19398\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\19398\ReaderUpdater.exe
[2012.01.03 19:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Setup.exe
[2012.04.12 07:53:17 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.6.1.7\SetupAdmin.exe
[2011.08.19 06:31:14 | 015,548,856 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s2_l2.exe
[2011.11.17 02:50:44 | 000,147,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\chuzzleeu_s2_l2_gF518T1L2_d1533634835[1].exe
[2011.08.19 06:31:20 | 000,144,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\luxor-3_s2_l2_gF2197T1L2_d1445700322[1].exe
[2011.09.05 15:00:23 | 015,608,136 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s2_l2.exe
[2011.06.07 06:51:23 | 018,377,256 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Documents and Settings\All Users\Application Data\elsterformular\pica\update\ElsterFormular_update-12_2_0_6412k.exe
[2011.08.11 11:51:34 | 018,844,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Documents and Settings\All Users\Application Data\elsterformular\pica\update\ElsterFormular_update-12_2_1_6570k.exe
[2011.09.05 12:32:26 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2009.08.22 19:18:56 | 033,727,544 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ger_web[2].exe
[2009.08.22 19:19:18 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
[2009.08.22 19:19:18 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
[2009.08.22 19:19:18 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
[2009.08.22 19:19:18 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2008.11.14 14:29:37 | 000,211,568 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\avp.exe
[2012.05.11 22:07:09 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2012.03.19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
[2010.12.19 16:19:12 | 000,119,336 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\uninstall.exe
 
< %APPDATA%\*. >
[2012.01.05 17:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\1&1 Mail & Media GmbH
[2010.12.09 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2012.04.12 08:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Apple Computer
[2009.08.17 00:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ASCOMP Software
[2012.04.30 18:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2009.06.01 12:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BonkEnc
[2009.08.04 21:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canneverbe_Limited
[2009.09.28 20:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.12 13:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools Lite
[2012.05.02 14:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Dropbox
[2012.05.11 16:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dvdcss
[2012.03.07 09:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\elsterformular
[2012.01.26 13:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HaCon
[2009.09.29 08:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Help
[2008.11.11 16:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2008.11.11 19:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2011.09.09 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Intel
[2008.11.11 18:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010.08.03 09:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2012.04.30 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\mediAvatar
[2012.03.22 17:40:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2009.10.01 14:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MuldeR
[2009.08.22 19:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nokia
[2009.05.20 15:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ooVoo Details
[2011.02.21 09:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Panda Security
[2011.02.21 09:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\pandasecuritytb
[2010.08.03 19:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PC Suite
[2011.03.18 12:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\pdfforge
[2009.12.03 23:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PlayFirst
[2010.12.28 22:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Real
[2009.05.26 14:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Samsung
[2012.05.05 10:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Search Settings
[2010.09.19 17:34:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Admin\Application Data\SecuROM
[2012.05.14 14:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Skype
[2011.06.21 16:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\skypePM
[2011.01.18 16:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SnejkyFruits
[2011.02.09 21:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sun
[2011.11.07 10:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SurfSecret Privacy Suite
[2009.11.27 19:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\T-Mobile
[2010.09.08 08:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager
[2009.09.01 14:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\T-Online
[2011.03.08 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Unity
[2012.05.11 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\vlc
[2012.05.12 13:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Winamp
[2009.05.20 17:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\WinRAR
[2011.08.22 15:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\yWorks
 
< %APPDATA%\*.exe /s >
[2012.05.11 22:50:37 | 004,145,328 | ---- | M] (ASCOMP Software GmbH                                        ) -- C:\Documents and Settings\Admin\Application Data\ASCOMP Software\Secure Eraser\seraser.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Admin\Application Data\Dropbox\bin\Uninstall.exe
[2012.05.11 20:43:41 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.11.28 14:51:24 | 002,827,728 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2010.07.03 08:37:19 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Admin\Application Data\Real\Update\setup3.10\setup.exe
[2009.06.30 12:52:18 | 000,983,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager\LiveUpdate.exe
[2009.06.23 17:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.08.19 16:21:33 | 021,073,936 | ---- | M] () -- C:\vlc-1.1.11-win32.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.11 16:37:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.11.11 16:37:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.11 16:37:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.11.11 16:37:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.09.12 14:48:26 | 000,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.09.12 14:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.09.12 14:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008.09.12 14:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_12F992444F02D21A4173C3B857C3F80FAE1728A6\iaStor.sys
[2008.11.11 14:03:44 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\001\iastor.sys
[2008.11.11 14:05:38 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\002\iastor.sys
[2008.11.11 14:07:00 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\003\iastor.sys
[2008.11.11 14:24:10 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\NLDRV\004\iastor.sys
[2008.11.11 14:24:10 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004.08.04 13:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.11.11 16:46:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.11.11 16:46:25 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.11.11 16:46:25 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA3BBF2

< End of report >

--- --- ---

[/code]

cosinus · 14.05.2012, 18:24

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes,DefaultScope = {D2BA9B10-C970-4068-A295-B849275C5E9F}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{4EE3A5CE-E0B5-4D61-8F8E-9F661FB98BDB}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{D2BA9B10-C970-4068-A295-B849275C5E9F}: "URL" = http://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{D5E322B5-5DCE-4DEC-931A-F5A6CFEAEF25}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\SearchScopes\{F571603B-B18B-446D-908D-6D938175A474}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {F4D76F01-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8087-36EE87E26986} - No CLSID value found.
O3 - HKU\S-1-5-21-329068152-115176313-839522115-1003\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.11 15:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell - "" = AutoRun
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\WDSetup.exe
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DA3BBF2
:Files
C:\Documents and Settings\Admin\Application Data\Search Settings
C:\Program Files\pdfforge Toolbar
C:\Program Files\Application Updater
C:\Program Files\Common Files\Spigot
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Dwarf36 · 15.05.2012, 13:43

So, Prozess durchgeführt. Anbei das log-file.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4EE3A5CE-E0B5-4D61-8F8E-9F661FB98BDB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EE3A5CE-E0B5-4D61-8F8E-9F661FB98BDB}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D2BA9B10-C970-4068-A295-B849275C5E9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2BA9B10-C970-4068-A295-B849275C5E9F}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D5E322B5-5DCE-4DEC-931A-F5A6CFEAEF25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5E322B5-5DCE-4DEC-931A-F5A6CFEAEF25}\ not found.
Registry key HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{F571603B-B18B-446D-908D-6D938175A474}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F571603B-B18B-446D-908D-6D938175A474}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ deleted successfully.
C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
C:\Program Files\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D76F01-7896-458a-890F-E1F05C46069F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F01-7896-458a-890F-E1F05C46069F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\ not found.
File C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ deleted successfully.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F4D76F09-7896-458a-890F-E1F05C46069F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F09-7896-458a-890F-E1F05C46069F}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8087-36EE87E26986} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8087-36EE87E26986}\ not found.
Registry value HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\webde\ deleted successfully.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61de39e2-dbf0-11de-a034-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61de39e2-dbf0-11de-a034-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61de39e2-dbf0-11de-a034-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61de39e2-dbf0-11de-a034-001de0d68661}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ff2bbce-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ff2bbce-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ff2bbce-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ff2bbce-db86-11de-a032-001de0d68661}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ff2bcf0-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ff2bcf0-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ff2bcf0-db86-11de-a032-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ff2bcf0-db86-11de-a032-001de0d68661}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8336df5-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8336df5-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8336df5-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8336df5-db7d-11de-a030-001de0d68661}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a83375da-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a83375da-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a83375da-db7d-11de-a030-001de0d68661}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a83375da-db7d-11de-a030-001de0d68661}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
File I:\WDSetup.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DA3BBF2 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Admin\Application Data\Search Settings\temp folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Search Settings\res folder moved successfully.
C:\Documents and Settings\Admin\Application Data\Search Settings folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\5.6 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 263490840 bytes
->Temporary Internet Files folder emptied: 15380344 bytes
->Java cache emptied: 22892402 bytes
->Flash cache emptied: 2889445 bytes
 
User: Administrator
->Temp folder emptied: 800520 bytes
->Temporary Internet Files folder emptied: 6107524 bytes
->Flash cache emptied: 391 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: klst
->Temp folder emptied: 64283214 bytes
->Temporary Internet Files folder emptied: 74654458 bytes
->Flash cache emptied: 15443 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 124946 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1121264 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2130076384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 144661686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.605,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: klst
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05152012_142148

Files\Folders moved on Reboot...
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Z6QQ3VNI\115104-panda-cloud-antivirus-pro-findet-zwei-exploit-cve-2011-3544-trojaner[1].html moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\Z6QQ3VNI\si[1].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\IDPS7LKD\ads[1].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\DTHAW2N0\ads[2].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\DTHAW2N0\ads[3].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\DTHAW2N0\si[1].htm moved successfully.
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

cosinus · 15.05.2012, 14:04

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Dwarf36 · 15.05.2012, 14:31

Ok, danke. Ausgeführt.

Insgesamt 9 Threats gefunden und "geskippt".

Viele Gruesse
Klaus

Code:

ATTFilter

15:19:07.0437 1644	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
15:19:09.0437 1644	============================================
15:19:09.0437 1644	Current date / time: 2012/05/15 15:19:09.0437
15:19:09.0437 1644	SystemInfo:
15:19:09.0437 1644	
15:19:09.0437 1644	OS Version: 5.1.2600 ServicePack: 3.0
15:19:09.0437 1644	Product type: Workstation
15:19:09.0437 1644	ComputerName: XXXX-02
15:19:09.0437 1644	UserName: Admin
15:19:09.0437 1644	Windows directory: C:\WINDOWS
15:19:09.0437 1644	System windows directory: C:\WINDOWS
15:19:09.0437 1644	Processor architecture: Intel x86
15:19:09.0437 1644	Number of processors: 2
15:19:09.0437 1644	Page size: 0x1000
15:19:09.0437 1644	Boot type: Normal boot
15:19:09.0437 1644	============================================================
15:19:10.0031 1644	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:19:10.0031 1644	============================================================
15:19:10.0031 1644	\Device\Harddisk0\DR0:
15:19:10.0031 1644	MBR partitions:
15:19:10.0031 1644	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
15:19:10.0031 1644	============================================================
15:19:10.0062 1644	C: <-> \Device\Harddisk0\DR0\Partition0
15:19:10.0062 1644	============================================================
15:19:10.0062 1644	Initialize success
15:19:10.0062 1644	============================================================
15:19:41.0718 6060	============================================================
15:19:41.0718 6060	Scan started
15:19:41.0718 6060	Mode: Manual; SigCheck; TDLFS; 
15:19:41.0718 6060	============================================================
15:19:42.0140 6060	6to4            (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
15:19:42.0593 6060	6to4 - ok
15:19:42.0640 6060	Abiosdsk - ok
15:19:42.0656 6060	abp480n5 - ok
15:19:42.0734 6060	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:19:43.0671 6060	ACPI - ok
15:19:43.0734 6060	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:19:43.0921 6060	ACPIEC - ok
15:19:44.0062 6060	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:19:44.0078 6060	AdobeFlashPlayerUpdateSvc - ok
15:19:44.0078 6060	adpu160m - ok
15:19:44.0140 6060	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:19:44.0265 6060	aec - ok
15:19:44.0312 6060	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:19:44.0421 6060	AFD - ok
15:19:44.0453 6060	AgereModemAudio (8ed60797908fd394eee0d6949f493224) C:\WINDOWS\system32\agrsmsvc.exe
15:19:44.0531 6060	AgereModemAudio - ok
15:19:44.0687 6060	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:19:44.0796 6060	AgereSoftModem - ok
15:19:44.0812 6060	Aha154x - ok
15:19:44.0843 6060	aic78u2 - ok
15:19:44.0875 6060	aic78xx - ok
15:19:44.0906 6060	Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:19:45.0109 6060	Alerter - ok
15:19:45.0125 6060	ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:19:45.0171 6060	ALG - ok
15:19:45.0187 6060	AliIde - ok
15:19:45.0203 6060	amsint - ok
15:19:45.0312 6060	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:19:45.0328 6060	Apple Mobile Device - ok
15:19:45.0328 6060	Application Updater - ok
15:19:45.0390 6060	AppMgmt         (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:19:45.0453 6060	AppMgmt - ok
15:19:45.0468 6060	asc - ok
15:19:45.0468 6060	asc3350p - ok
15:19:45.0484 6060	asc3550 - ok
15:19:45.0609 6060	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:19:45.0656 6060	aspnet_state - ok
15:19:45.0687 6060	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:19:45.0796 6060	AsyncMac - ok
15:19:45.0843 6060	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:19:45.0968 6060	atapi - ok
15:19:45.0984 6060	Atdisk - ok
15:19:46.0078 6060	Ati HotKey Poller (a8524a8b2d0714749fdf50b9eb6be40e) C:\WINDOWS\system32\Ati2evxx.exe
15:19:46.0171 6060	Ati HotKey Poller - ok
15:19:46.0484 6060	ati2mtag        (7c2f0886765568456b4871b0a3cff571) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:19:46.0640 6060	ati2mtag - ok
15:19:46.0796 6060	AtiHdmiService  (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
15:19:46.0890 6060	AtiHdmiService - ok
15:19:46.0937 6060	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:19:47.0125 6060	Atmarpc - ok
15:19:47.0171 6060	AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:19:47.0281 6060	AudioSrv - ok
15:19:47.0312 6060	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:19:47.0421 6060	audstub - ok
15:19:47.0546 6060	AVP             (9a2f9ec122d7582ce73b339af5621167) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
15:19:47.0578 6060	AVP - ok
15:19:47.0609 6060	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:19:47.0734 6060	Beep - ok
15:19:47.0781 6060	BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:19:47.0984 6060	BITS - ok
15:19:48.0031 6060	BMLoad          (d002033c1a37f6af51b5f0ba6d0211bc) C:\WINDOWS\system32\drivers\BMLoad.sys
15:19:48.0031 6060	BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:19:48.0031 6060	BMLoad - detected UnsignedFile.Multi.Generic (1)
15:19:48.0109 6060	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:19:48.0140 6060	Bonjour Service - ok
15:19:48.0171 6060	Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:19:48.0343 6060	Browser - ok
15:19:48.0375 6060	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:19:48.0562 6060	cbidf2k - ok
15:19:48.0578 6060	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:19:48.0687 6060	CCDECODE - ok
15:19:48.0703 6060	cd20xrnt - ok
15:19:48.0734 6060	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:19:48.0859 6060	Cdaudio - ok
15:19:48.0875 6060	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:19:48.0984 6060	Cdfs - ok
15:19:49.0000 6060	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:19:49.0109 6060	Cdrom - ok
15:19:49.0125 6060	Changer - ok
15:19:49.0171 6060	CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:19:49.0265 6060	CiSvc - ok
15:19:49.0296 6060	ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:19:49.0406 6060	ClipSrv - ok
15:19:49.0500 6060	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:19:49.0578 6060	clr_optimization_v2.0.50727_32 - ok
15:19:49.0625 6060	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:19:49.0656 6060	clr_optimization_v4.0.30319_32 - ok
15:19:49.0703 6060	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:19:49.0812 6060	CmBatt - ok
15:19:49.0828 6060	CmdIde - ok
15:19:49.0859 6060	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:19:49.0984 6060	Compbatt - ok
15:19:50.0000 6060	COMSysApp - ok
15:19:50.0015 6060	Cpqarray - ok
15:19:50.0062 6060	cpudrv          (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:19:50.0078 6060	cpudrv - ok
15:19:50.0109 6060	CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:19:50.0281 6060	CryptSvc - ok
15:19:50.0281 6060	dac2w2k - ok
15:19:50.0312 6060	dac960nt - ok
15:19:50.0390 6060	DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:19:50.0500 6060	DcomLaunch - ok
15:19:50.0546 6060	Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:19:50.0671 6060	Dhcp - ok
15:19:50.0703 6060	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:19:50.0843 6060	Disk - ok
15:19:50.0843 6060	dmadmin - ok
15:19:50.0953 6060	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:19:51.0109 6060	dmboot - ok
15:19:51.0125 6060	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:19:51.0250 6060	dmio - ok
15:19:51.0265 6060	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:19:51.0375 6060	dmload - ok
15:19:51.0421 6060	dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:19:51.0531 6060	dmserver - ok
15:19:51.0578 6060	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:19:51.0703 6060	DMusic - ok
15:19:51.0734 6060	Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:19:51.0875 6060	Dnscache - ok
15:19:51.0937 6060	Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:19:52.0093 6060	Dot3svc - ok
15:19:52.0093 6060	dpti2o - ok
15:19:52.0125 6060	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:19:52.0250 6060	drmkaud - ok
15:19:52.0296 6060	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
15:19:52.0328 6060	dtsoftbus01 - ok
15:19:52.0375 6060	EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:19:52.0546 6060	EapHost - ok
15:19:52.0562 6060	ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:19:52.0671 6060	ERSvc - ok
15:19:52.0703 6060	Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:19:52.0734 6060	Eventlog - ok
15:19:52.0796 6060	EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:19:52.0859 6060	EventSystem - ok
15:19:53.0046 6060	EvtEng          (8759748b9a5fa3c1257a22efed056b83) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:19:53.0093 6060	EvtEng - ok
15:19:53.0171 6060	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:19:53.0359 6060	Fastfat - ok
15:19:53.0406 6060	FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:19:53.0515 6060	FastUserSwitchingCompatibility - ok
15:19:53.0531 6060	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:19:53.0656 6060	Fdc - ok
15:19:53.0687 6060	filtertdidriver (f8946c6d013fc9e6db03fbcf32294799) C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys
15:19:53.0703 6060	filtertdidriver ( UnsignedFile.Multi.Generic ) - warning
15:19:53.0703 6060	filtertdidriver - detected UnsignedFile.Multi.Generic (1)
15:19:53.0718 6060	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:19:53.0828 6060	Fips - ok
15:19:53.0843 6060	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:19:53.0953 6060	Flpydisk - ok
15:19:54.0000 6060	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:19:54.0125 6060	FltMgr - ok
15:19:54.0218 6060	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:19:54.0234 6060	FontCache3.0.0.0 - ok
15:19:54.0250 6060	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:19:54.0343 6060	Fs_Rec - ok
15:19:54.0359 6060	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:19:54.0484 6060	Ftdisk - ok
15:19:54.0531 6060	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:19:54.0562 6060	GEARAspiWDM - ok
15:19:54.0593 6060	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:19:54.0765 6060	Gpc - ok
15:19:54.0890 6060	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:19:54.0906 6060	gupdate - ok
15:19:54.0906 6060	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:19:54.0921 6060	gupdatem - ok
15:19:54.0968 6060	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:19:55.0093 6060	HDAudBus - ok
15:19:55.0156 6060	helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:19:55.0265 6060	helpsvc - ok
15:19:55.0265 6060	HidServ - ok
15:19:55.0312 6060	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:19:55.0421 6060	HidUsb - ok
15:19:55.0453 6060	hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:19:55.0562 6060	hkmsvc - ok
15:19:55.0562 6060	hpn - ok
15:19:55.0625 6060	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:19:55.0687 6060	HTTP - ok
15:19:55.0718 6060	HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:19:55.0843 6060	HTTPFilter - ok
15:19:55.0890 6060	hwdatacard      (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
15:19:55.0953 6060	hwdatacard - ok
15:19:56.0000 6060	hwusbfake       (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
15:19:56.0062 6060	hwusbfake - ok
15:19:56.0062 6060	i2omgmt - ok
15:19:56.0078 6060	i2omp - ok
15:19:56.0093 6060	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:19:56.0250 6060	i8042prt - ok
15:19:56.0328 6060	IAANTMON        (0d16e362b66a0c1d01b015f517129d13) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:19:56.0359 6060	IAANTMON - ok
15:19:56.0406 6060	iaStor          (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:19:56.0437 6060	iaStor - ok
15:19:56.0609 6060	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:19:56.0687 6060	idsvc - ok
15:19:56.0703 6060	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:19:56.0890 6060	Imapi - ok
15:19:56.0937 6060	ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:19:57.0125 6060	ImapiService - ok
15:19:57.0140 6060	ini910u - ok
15:19:57.0656 6060	IntcAzAudAddService (6708cfa52d71374371f61435845f3c9b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:19:57.0921 6060	IntcAzAudAddService - ok
15:19:58.0046 6060	IntelIde - ok
15:19:58.0093 6060	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:19:58.0281 6060	intelppm - ok
15:19:58.0296 6060	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:19:58.0406 6060	Ip6Fw - ok
15:19:58.0453 6060	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:19:58.0562 6060	IpFilterDriver - ok
15:19:58.0593 6060	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:19:58.0703 6060	IpInIp - ok
15:19:58.0718 6060	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:19:58.0828 6060	IpNat - ok
15:19:58.0984 6060	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
15:19:59.0015 6060	iPod Service - ok
15:19:59.0062 6060	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:19:59.0171 6060	IPSec - ok
15:19:59.0234 6060	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:19:59.0296 6060	IRENUM - ok
15:19:59.0328 6060	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:19:59.0437 6060	isapnp - ok
15:19:59.0468 6060	itecir          (8bcd857c7932ad005d5f9c89329da2e1) C:\WINDOWS\system32\DRIVERS\itecir.sys
15:19:59.0468 6060	itecir ( UnsignedFile.Multi.Generic ) - warning
15:19:59.0468 6060	itecir - detected UnsignedFile.Multi.Generic (1)
15:19:59.0593 6060	jatmlano - ok
15:19:59.0656 6060	JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
15:19:59.0671 6060	JavaQuickStarterService - ok
15:19:59.0718 6060	JMCR            (8123f605779db22ffc67fa84b8381803) C:\WINDOWS\system32\DRIVERS\jmcr.sys
15:19:59.0781 6060	JMCR - ok
15:19:59.0796 6060	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:19:59.0921 6060	Kbdclass - ok
15:19:59.0953 6060	kl1             (45056287cdd70803bad130bf71fe6890) C:\WINDOWS\system32\drivers\kl1.sys
15:19:59.0968 6060	kl1 - ok
15:20:00.0015 6060	klif            (283609e026c8becc757c8ac21f050a5a) C:\WINDOWS\system32\drivers\klif.sys
15:20:00.0046 6060	klif - ok
15:20:00.0093 6060	klim5           (967e2224217431b21f1d04fbb4c68a4b) C:\WINDOWS\system32\DRIVERS\klim5.sys
15:20:00.0109 6060	klim5 - ok
15:20:00.0171 6060	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:20:00.0390 6060	kmixer - ok
15:20:00.0421 6060	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:20:00.0546 6060	KSecDD - ok
15:20:00.0593 6060	L1e             (93e64bab9dee162ca0ca5258d132a047) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
15:20:00.0625 6060	L1e - ok
15:20:00.0687 6060	lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:20:00.0750 6060	lanmanserver - ok
15:20:00.0796 6060	lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:20:00.0843 6060	lanmanworkstation - ok
15:20:00.0859 6060	lbrtfdc - ok
15:20:00.0937 6060	LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:20:01.0140 6060	LmHosts - ok
15:20:01.0296 6060	MACNDIS5        (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS
15:20:01.0296 6060	MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
15:20:01.0296 6060	MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
15:20:01.0359 6060	Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:20:01.0468 6060	Messenger - ok
15:20:01.0500 6060	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:20:01.0625 6060	mnmdd - ok
15:20:01.0656 6060	mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:20:01.0765 6060	mnmsrvc - ok
15:20:01.0796 6060	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:20:01.0906 6060	Modem - ok
15:20:01.0921 6060	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:20:02.0046 6060	Mouclass - ok
15:20:02.0078 6060	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:20:02.0171 6060	mouhid - ok
15:20:02.0234 6060	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:20:02.0328 6060	MountMgr - ok
15:20:02.0328 6060	mraid35x - ok
15:20:02.0375 6060	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:20:02.0468 6060	MRxDAV - ok
15:20:02.0515 6060	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:20:02.0578 6060	MRxSmb - ok
15:20:02.0609 6060	MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:20:02.0718 6060	MSDTC - ok
15:20:02.0750 6060	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:20:02.0843 6060	Msfs - ok
15:20:02.0859 6060	MSIServer - ok
15:20:02.0890 6060	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:20:03.0000 6060	MSKSSRV - ok
15:20:03.0031 6060	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:20:03.0140 6060	MSPCLOCK - ok
15:20:03.0171 6060	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:20:03.0296 6060	MSPQM - ok
15:20:03.0328 6060	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:20:03.0421 6060	mssmbios - ok
15:20:03.0437 6060	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:20:03.0546 6060	MSTEE - ok
15:20:03.0578 6060	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:20:03.0625 6060	Mup - ok
15:20:03.0656 6060	MZCCntrl        (5f9ba398f88fc8928ea6dbd5d144cfca) C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe
15:20:03.0656 6060	MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
15:20:03.0656 6060	MZCCntrl - detected UnsignedFile.Multi.Generic (1)
15:20:03.0687 6060	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:20:03.0781 6060	NABTSFEC - ok
15:20:03.0843 6060	NanoServiceMain (a830e59f98827943686e90bf79fc96fa) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
15:20:03.0859 6060	NanoServiceMain - ok
15:20:03.0906 6060	napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:20:04.0031 6060	napagent - ok
15:20:04.0078 6060	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:20:04.0187 6060	NDIS - ok
15:20:04.0250 6060	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:20:04.0343 6060	NdisIP - ok
15:20:04.0375 6060	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:20:04.0437 6060	NdisTapi - ok
15:20:04.0453 6060	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:20:04.0562 6060	Ndisuio - ok
15:20:04.0578 6060	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:20:04.0687 6060	NdisWan - ok
15:20:04.0734 6060	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:20:04.0781 6060	NDProxy - ok
15:20:04.0828 6060	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:20:04.0937 6060	NetBIOS - ok
15:20:04.0968 6060	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:20:05.0109 6060	NetBT - ok
15:20:05.0156 6060	NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:20:05.0328 6060	NetDDE - ok
15:20:05.0343 6060	NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:20:05.0453 6060	NetDDEdsdm - ok
15:20:05.0546 6060	Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:20:05.0656 6060	Netlogon - ok
15:20:05.0718 6060	Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:20:05.0828 6060	Netman - ok
15:20:05.0937 6060	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:20:05.0968 6060	NetTcpPortSharing - ok
15:20:06.0328 6060	NETw5x32        (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:20:06.0656 6060	NETw5x32 - ok
15:20:07.0593 6060	NETwLx32        (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
15:20:08.0062 6060	NETwLx32 - ok
15:20:08.0234 6060	Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:20:08.0296 6060	Nla - ok
15:20:08.0343 6060	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:20:08.0515 6060	nm - ok
15:20:08.0609 6060	NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
15:20:08.0625 6060	NMSAccessU - ok
15:20:08.0656 6060	nmwcd           (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
15:20:08.0843 6060	nmwcd - ok
15:20:08.0875 6060	nmwcdc          (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
15:20:08.0937 6060	nmwcdc - ok
15:20:08.0953 6060	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:20:09.0046 6060	Npfs - ok
15:20:09.0093 6060	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:20:09.0296 6060	Ntfs - ok
15:20:09.0343 6060	NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:20:09.0437 6060	NtLmSsp - ok
15:20:09.0515 6060	NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:20:09.0640 6060	NtmsSvc - ok
15:20:09.0656 6060	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:20:09.0765 6060	Null - ok
15:20:09.0796 6060	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:20:09.0921 6060	NwlnkFlt - ok
15:20:09.0921 6060	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:20:10.0015 6060	NwlnkFwd - ok
15:20:10.0093 6060	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:20:10.0109 6060	ose - ok
15:20:10.0156 6060	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
15:20:10.0281 6060	Parport - ok
15:20:10.0281 6060	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:20:10.0375 6060	PartMgr - ok
15:20:10.0390 6060	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:20:10.0484 6060	ParVdm - ok
15:20:10.0515 6060	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:20:10.0593 6060	pccsmcfd - ok
15:20:10.0625 6060	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:20:10.0734 6060	PCI - ok
15:20:10.0750 6060	PCIDump - ok
15:20:10.0781 6060	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:20:10.0875 6060	PCIIde - ok
15:20:10.0921 6060	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:20:11.0031 6060	Pcmcia - ok
15:20:11.0031 6060	PDCOMP - ok
15:20:11.0062 6060	PDFRAME - ok
15:20:11.0078 6060	PDRELI - ok
15:20:11.0109 6060	PDRFRAME - ok
15:20:11.0109 6060	perc2 - ok
15:20:11.0125 6060	perc2hib - ok
15:20:11.0187 6060	PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:20:11.0203 6060	PlugPlay - ok
15:20:11.0265 6060	PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
15:20:11.0281 6060	PnkBstrA - ok
15:20:11.0281 6060	PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:20:11.0390 6060	PolicyAgent - ok
15:20:11.0421 6060	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:20:11.0515 6060	PptpMiniport - ok
15:20:11.0531 6060	ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:20:11.0625 6060	ProtectedStorage - ok
15:20:11.0640 6060	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:20:11.0734 6060	PSched - ok
15:20:11.0781 6060	PSINAflt        (b66042e21d32fcdf193b3b80516da1b3) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
15:20:11.0796 6060	PSINAflt - ok
15:20:11.0843 6060	PSINFile        (5bab5fb4cb1963f643a1a8b4d816cf8f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys
15:20:11.0843 6060	PSINFile - ok
15:20:11.0875 6060	PSINKNC         (16066810f5dae092db226c6662feedc9) C:\WINDOWS\system32\DRIVERS\psinknc.sys
15:20:11.0890 6060	PSINKNC - ok
15:20:11.0921 6060	PSINProc        (87b2fe6d7b427947541360f48c302054) C:\WINDOWS\system32\DRIVERS\PSINProc.sys
15:20:11.0937 6060	PSINProc - ok
15:20:11.0953 6060	PSINProt        (72ce5f32ff8260a38127953555e29d66) C:\WINDOWS\system32\DRIVERS\PSINProt.sys
15:20:11.0968 6060	PSINProt - ok
15:20:11.0984 6060	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:20:12.0109 6060	Ptilink - ok
15:20:12.0140 6060	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:20:12.0156 6060	PxHelp20 - ok
15:20:12.0156 6060	ql1080 - ok
15:20:12.0187 6060	Ql10wnt - ok
15:20:12.0218 6060	ql12160 - ok
15:20:12.0234 6060	ql1240 - ok
15:20:12.0265 6060	ql1280 - ok
15:20:12.0296 6060	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:20:12.0390 6060	RasAcd - ok
15:20:12.0437 6060	RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:20:12.0562 6060	RasAuto - ok
15:20:12.0593 6060	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:20:12.0718 6060	Rasl2tp - ok
15:20:12.0765 6060	RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:20:12.0875 6060	RasMan - ok
15:20:12.0875 6060	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:20:12.0984 6060	RasPppoe - ok
15:20:12.0984 6060	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:20:13.0093 6060	Raspti - ok
15:20:13.0140 6060	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:20:13.0265 6060	Rdbss - ok
15:20:13.0281 6060	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:20:13.0375 6060	RDPCDD - ok
15:20:13.0421 6060	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:20:13.0515 6060	rdpdr - ok
15:20:13.0562 6060	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:20:13.0609 6060	RDPWD - ok
15:20:13.0625 6060	RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:20:13.0734 6060	RDSessMgr - ok
15:20:13.0781 6060	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:20:13.0890 6060	redbook - ok
15:20:14.0000 6060	RegSrvc         (3a4959ba4774a55199ac4ae7ffd71924) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:20:14.0031 6060	RegSrvc - ok
15:20:14.0062 6060	RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:20:14.0187 6060	RemoteAccess - ok
15:20:14.0250 6060	RemoteRegistry  (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:20:14.0375 6060	RemoteRegistry - ok
15:20:14.0390 6060	RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:20:14.0515 6060	RpcLocator - ok
15:20:14.0578 6060	RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:20:14.0609 6060	RpcSs - ok
15:20:14.0640 6060	RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:20:14.0765 6060	RSVP - ok
15:20:14.0937 6060	S24EventMonitor (1fd4a7b6087c98bc27344bd3973f2031) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
15:20:14.0984 6060	S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
15:20:14.0984 6060	S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
15:20:15.0031 6060	s24trans        (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:20:15.0093 6060	s24trans - ok
15:20:15.0125 6060	SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:20:15.0296 6060	SamSs - ok
15:20:15.0328 6060	SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:20:15.0453 6060	SCardSvr - ok
15:20:15.0515 6060	Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:20:15.0625 6060	Schedule - ok
15:20:15.0656 6060	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:20:15.0718 6060	Secdrv - ok
15:20:15.0750 6060	seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:20:15.0859 6060	seclogon - ok
15:20:15.0875 6060	SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:20:15.0984 6060	SENS - ok
15:20:16.0015 6060	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:20:16.0109 6060	Serial - ok
15:20:16.0265 6060	ServiceLayer    (58d5bfdf3adf49fe9cabd78cc61d92f6) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:20:16.0312 6060	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:20:16.0312 6060	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:20:16.0421 6060	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:20:16.0515 6060	Sfloppy - ok
15:20:16.0578 6060	SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:20:16.0750 6060	SharedAccess - ok
15:20:16.0859 6060	ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:20:16.0890 6060	ShellHWDetection - ok
15:20:16.0890 6060	Simbad - ok
15:20:16.0984 6060	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
15:20:17.0015 6060	SkypeUpdate - ok
15:20:17.0031 6060	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:20:17.0171 6060	SLIP - ok
15:20:17.0203 6060	Sparrow - ok
15:20:17.0281 6060	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:20:17.0453 6060	splitter - ok
15:20:17.0500 6060	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:20:17.0515 6060	Spooler - ok
15:20:17.0562 6060	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:20:17.0625 6060	sr - ok
15:20:17.0687 6060	srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:20:17.0734 6060	srservice - ok
15:20:17.0781 6060	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:20:17.0875 6060	Srv - ok
15:20:17.0921 6060	sscdbus         (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
15:20:18.0000 6060	sscdbus - ok
15:20:18.0031 6060	sscdmdfl        (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
15:20:18.0109 6060	sscdmdfl - ok
15:20:18.0140 6060	sscdmdm         (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
15:20:18.0203 6060	sscdmdm - ok
15:20:18.0281 6060	SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:20:18.0375 6060	SSDPSRV - ok
15:20:18.0406 6060	StarOpen        (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
15:20:18.0421 6060	StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:20:18.0421 6060	StarOpen - detected UnsignedFile.Multi.Generic (1)
15:20:18.0515 6060	stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:20:18.0750 6060	stisvc - ok
15:20:18.0781 6060	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:20:18.0890 6060	streamip - ok
15:20:18.0921 6060	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:20:19.0031 6060	swenum - ok
15:20:19.0078 6060	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:20:19.0171 6060	swmidi - ok
15:20:19.0187 6060	SwPrv - ok
15:20:19.0218 6060	symc810 - ok
15:20:19.0234 6060	symc8xx - ok
15:20:19.0250 6060	sym_hi - ok
15:20:19.0265 6060	sym_u3 - ok
15:20:19.0296 6060	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:20:19.0406 6060	sysaudio - ok
15:20:19.0437 6060	SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:20:19.0531 6060	SysmonLog - ok
15:20:19.0578 6060	TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:20:19.0687 6060	TapiSrv - ok
15:20:19.0734 6060	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:20:19.0765 6060	Tcpip - ok
15:20:19.0828 6060	Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
15:20:19.0859 6060	Tcpip6 - ok
15:20:19.0875 6060	tcpipBM         (dcfeb82ca988598ceb8f83148616038e) C:\WINDOWS\system32\drivers\tcpipBM.sys
15:20:19.0875 6060	tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:20:19.0875 6060	tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:20:19.0906 6060	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:20:20.0000 6060	TDPIPE - ok
15:20:20.0015 6060	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:20:20.0125 6060	TDTCP - ok
15:20:20.0156 6060	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:20:20.0265 6060	TermDD - ok
15:20:20.0312 6060	TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:20:20.0406 6060	TermService - ok
15:20:20.0453 6060	Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:20:20.0468 6060	Themes - ok
15:20:20.0515 6060	TlntSvr         (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:20:20.0562 6060	TlntSvr - ok
15:20:20.0562 6060	TosIde - ok
15:20:20.0609 6060	TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:20:20.0703 6060	TrkWks - ok
15:20:20.0750 6060	tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
15:20:20.0937 6060	tunmp - ok
15:20:20.0984 6060	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:20:21.0078 6060	Udfs - ok
15:20:21.0078 6060	ultra - ok
15:20:21.0140 6060	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:20:21.0250 6060	Update - ok
15:20:21.0281 6060	upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:20:21.0343 6060	upnphost - ok
15:20:21.0375 6060	upperdev        (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
15:20:21.0421 6060	upperdev - ok
15:20:21.0437 6060	UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:20:21.0531 6060	UPS - ok
15:20:21.0578 6060	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:20:21.0609 6060	USBAAPL - ok
15:20:21.0640 6060	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:20:21.0750 6060	usbaudio - ok
15:20:21.0781 6060	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:20:21.0890 6060	usbccgp - ok
15:20:21.0921 6060	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:20:22.0031 6060	usbehci - ok
15:20:22.0046 6060	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:20:22.0171 6060	usbhub - ok
15:20:22.0187 6060	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:20:22.0296 6060	usbscan - ok
15:20:22.0343 6060	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
15:20:22.0468 6060	usbser - ok
15:20:22.0500 6060	UsbserFilt      (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
15:20:22.0562 6060	UsbserFilt - ok
15:20:22.0578 6060	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:20:22.0703 6060	USBSTOR - ok
15:20:22.0718 6060	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:20:22.0828 6060	usbuhci - ok
15:20:22.0843 6060	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:20:22.0937 6060	usbvideo - ok
15:20:22.0953 6060	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:20:23.0046 6060	VgaSave - ok
15:20:23.0062 6060	ViaIde - ok
15:20:23.0078 6060	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:20:23.0171 6060	VolSnap - ok
15:20:23.0234 6060	VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:20:23.0312 6060	VSS - ok
15:20:23.0500 6060	vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:20:23.0562 6060	vToolbarUpdater10.2.0 - ok
15:20:23.0609 6060	W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:20:23.0703 6060	W32Time - ok
15:20:23.0781 6060	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:20:23.0953 6060	Wanarp - ok
15:20:24.0062 6060	wceusbsh        (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:20:24.0125 6060	wceusbsh - ok
15:20:24.0203 6060	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:20:24.0234 6060	Wdf01000 - ok
15:20:24.0234 6060	WDICA - ok
15:20:24.0265 6060	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:20:24.0375 6060	wdmaud - ok
15:20:24.0406 6060	WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:20:24.0500 6060	WebClient - ok
15:20:24.0562 6060	winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:20:24.0656 6060	winmgmt - ok
15:20:24.0718 6060	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:20:24.0812 6060	WmdmPmSN - ok
15:20:24.0906 6060	Wmi             (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:20:24.0968 6060	Wmi - ok
15:20:25.0015 6060	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:20:25.0109 6060	WmiAcpi - ok
15:20:25.0140 6060	WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:20:25.0359 6060	WmiApSrv - ok
15:20:25.0515 6060	WMPNetworkSvc   (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:20:25.0687 6060	WMPNetworkSvc - ok
15:20:25.0843 6060	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:20:25.0921 6060	WPFFontCache_v0400 - ok
15:20:26.0046 6060	wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:20:26.0234 6060	wscsvc - ok
15:20:26.0265 6060	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:20:26.0359 6060	WSTCODEC - ok
15:20:26.0375 6060	wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:20:26.0484 6060	wuauserv - ok
15:20:26.0531 6060	WudfPf          (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:20:26.0625 6060	WudfPf - ok
15:20:26.0656 6060	WudfRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:20:26.0671 6060	WudfRd - ok
15:20:26.0703 6060	WudfSvc         (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
15:20:26.0718 6060	WudfSvc - ok
15:20:26.0781 6060	WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:20:26.0953 6060	WZCSVC - ok
15:20:27.0000 6060	xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:20:27.0187 6060	xmlprov - ok
15:20:27.0281 6060	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:20:27.0609 6060	\Device\Harddisk0\DR0 - ok
15:20:27.0609 6060	Boot (0x1200)   (30ec3aa46c3060a0757c6759299f1383) \Device\Harddisk0\DR0\Partition0
15:20:27.0609 6060	\Device\Harddisk0\DR0\Partition0 - ok
15:20:27.0625 6060	============================================================
15:20:27.0625 6060	Scan finished
15:20:27.0625 6060	============================================================
15:20:27.0734 6056	Detected object count: 9
15:20:27.0734 6056	Actual detected object count: 9
15:21:12.0875 6056	BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0875 6056	BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0875 6056	filtertdidriver ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0875 6056	filtertdidriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0890 6056	itecir ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0890 6056	itecir ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0890 6056	MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0890 6056	MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0890 6056	MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0890 6056	MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0890 6056	S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0890 6056	S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0890 6056	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0890 6056	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0906 6056	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0906 6056	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:12.0906 6056	tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:12.0906 6056	tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 15.05.2012, 14:35

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Dwarf36 · 15.05.2012, 16:07

OK, auch gemacht. Auch hier der Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-15.03 - Admin 15.05.2012  15:57:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2400 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-04-15 to 2012-05-15  )))))))))))))))))))))))))))))))
.
.
2012-05-15 12:21 . 2012-05-15 12:21	--------	d-----w-	C:\_OTL
2012-05-12 11:05 . 2012-05-12 11:05	--------	d-----w-	c:\program files\CCleaner
2012-05-11 21:09 . 2012-05-11 21:09	--------	d-----w-	c:\program files\ESET
2012-04-30 16:57 . 2012-04-30 16:57	--------	d-----w-	c:\documents and settings\Admin\Local Settings\Application Data\Miro
2012-04-30 16:56 . 2012-04-30 16:56	--------	d-----w-	c:\program files\Participatory Culture Foundation
2012-04-30 16:56 . 2012-04-30 16:56	--------	d-----w-	c:\documents and settings\Admin\Application Data\AVG Secure Search
2012-04-30 16:55 . 2012-04-30 16:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-04-30 16:55 . 2012-04-30 16:55	--------	d-----w-	c:\program files\Common Files\AVG Secure Search
2012-04-30 16:55 . 2012-04-30 16:56	--------	d-----w-	c:\program files\AVG Secure Search
2012-04-30 16:39 . 2012-04-30 16:39	--------	d-----w-	c:\documents and settings\Admin\Application Data\mediAvatar
2012-04-18 11:02 . 2012-04-18 11:02	--------	d-----w-	C:\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:53 . 2012-04-10 05:57	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 19:53 . 2011-06-09 06:07	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2004-08-04 11:00	2148352	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 11:00	1862272	----a-w-	c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59	2026496	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-04 13:56 . 2010-08-03 07:02	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-04 11:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 11:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 11:00	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 11:00	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 11:00	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 11:00	385024	----a-w-	c:\windows\system32\html.iec
2011-01-16 11:34 . 2011-01-16 11:34	70984344	----a-w-	c:\program files\Samsung_PC_Studio_322_HF1.exe
2004-06-02 18:08 . 2011-12-06 14:12	50176	----a-w-	c:\program files\WinRail 7.0WR3D.enu
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\documents and settings\Admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45	288584	----a-w-	c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45	288584	----a-w-	c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-06-23 110592]
"1und1Dispatcher"="c:\program files\1und1Softwareaktualisierung\SchedDispatcher.exe" [2011-07-13 223600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"DataCardMonitor"="c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2009-11-27 253952]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2010-11-29 421888]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-03 274608]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-16 220744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-30 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-12-16 11:54	220744	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfw]
2004-03-24 20:56	32768	----a-w-	c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-03 07:40	274608	----a-w-	c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\yWorks\\yEd\\yEd.exe"=
"c:\\Documents and Settings\\Admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [04.03.2011 15:38 218688]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [23.11.2011 10:59 130312]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\program files\Common Files\Marmiko Shared\MZCCntrl.exe [01.09.2009 13:57 61440]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28.04.2011 13:58 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [05.01.2012 14:10 144008]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28.04.2011 13:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28.04.2011 13:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [30.11.2011 19:37 112648]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [30.04.2012 18:55 918880]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [11.11.2008 22:00 54784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04.04.2007 15:58 24344]
R3 NETwLx32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwLx32.sys [09.09.2011 18:26 6609920]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 14:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09.12.2010 17:16 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.02.2012 08:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10.04.2012 07:57 257696]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 11:58 11336]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [27.11.2009 19:55 7552]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09.12.2010 17:16 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27.11.2009 19:55 102656]
S3 jatmlano;jatmlano;\??\c:\docume~1\klst\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\xxxx\LOCALS~1\Temp\jatmlano.sys [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11.11.2008 20:25 80912]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MACNDIS5.SYS [01.09.2009 13:57 17280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26724806
*Deregistered* - 26724806
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:53]
.
2012-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 11:34]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 15:16]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-09 15:16]
.
2012-05-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-115176313-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2012-05-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-115176313-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2012-05-11 c:\windows\Tasks\{1D61C1B1-17FD-49B6-948A-6E1DC5CA11C8}_xxxx_Admin.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
2012-05-14 c:\windows\Tasks\{ABFD01D0-37BD-4458-B384-7596EC0661D7}_xxxx_Admin.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
2012-05-15 c:\windows\Tasks\{C7BF4CC6-D3E5-490D-BE80-E2E8FF8581A2}_xxxx_Admin.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = *.local
IE: Download with mvc-ipad-software-suite-pro - c:\program files\mediAvatar\iPad Software Suite Pro\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://versionone/projectserver/objects/pjclient.cab
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://versionone/projectserver/objects/1033/pjcintl.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-UnityWebPlayer - c:\documents and settings\Admin\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-15 16:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\program files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe?in\LOCAL????????????rogram Files\T-Mobile\T-Mobile Internet Manager\?02?USERNAME?????????,??rogram Files\T-Mobile\T-Mobile Internet Manager\?WINDOWS?__P????????????rogram Files\T-Mobil 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35A724F0-84B3-5A4B-FB15-81365E486069}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafhadmhbpkbjodbjk"=hex:6b,61,6a,63,68,6d,65,63,6f,62,62,61,66,62,6e,6e,66,6a,
   67,62,6a,65,00,00
"hahggcefffnbnnol"=hex:6b,61,6a,63,68,6d,65,63,6f,62,62,61,65,62,67,6f,69,68,
   6e,6d,6c,64,00,00
.
[HKEY_USERS\S-1-5-21-329068152-115176313-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:cd,91,af,1d,57,c4,15,6f,46,5c,33,85,ee,55,3c,37,b2,e8,6d,c1,59,
   17,03,65,5c,42,cc,f5,7a,0d,01,e3,92,30,8b,d1,a8,30,95,2b,77,75,88,07,d2,f1,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1940)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll
.
Completion time: 2012-05-15  16:07:25
ComboFix-quarantined-files.txt  2012-05-15 14:07
.
Pre-Run: 176.161.865.728 bytes free
Post-Run: 176.111.423.488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 05BB8FF9F10FF56227842B9E779CD290

--- --- ---

cosinus · 15.05.2012, 20:06

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Dwarf36 · 16.05.2012, 11:37

Ok, hat leider ein wenig gedauert. Aber hier sind sie in der Reihenfolge

Zunächste GMER
[code]
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-16 10:24:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 7jfpcnp7.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kxddqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwClose [0xA33B4CA0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwCreateKey [0xA33A73E0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwCreateProcess [0xA33B49D0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwCreateProcessEx [0xA33B4B40]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwCreateSection [0xA33B55E0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwCreateSymbolicLinkObject [0xA33B5230]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwCreateThread [0xA33B5EC0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwDeleteKey [0xA33A74E0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwDeleteValueKey [0xA33A7560]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwDuplicateObject [0xA33B4E00]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwEnumerateKey [0xA33A7610]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwEnumerateValueKey [0xA33A76C0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwFlushKey [0xA33A7770]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwInitializeRegistry [0xA33A77F0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwLoadDriver [0xA33B3340]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwLoadKey [0xA33A8210]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwLoadKey2 [0xA33A7810]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwNotifyChangeKey [0xA33A78F0]
SSDT            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)                                                                                                                                 ZwOpenFile [0xF70C5030]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwOpenKey [0xA33A79D0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwOpenProcess [0xA33B47C0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwOpenSection [0xA33B5410]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwQueryKey [0xA33A7AB0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwQueryMultipleValueKey [0xA33A7B60]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwQuerySystemInformation [0xA33B5B70]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwQueryValueKey [0xA33A7C10]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwReplaceKey [0xA33A7CF0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwRestoreKey [0xA33A7D80]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwResumeThread [0xA33B5E70]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSaveKey [0xA33A7F80]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSetContextThread [0xA33B61F0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSetInformationFile [0xA33B6810]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSetInformationKey [0xA33A8010]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSetInformationProcess [0xA33BA200]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSetSecurityObject [0xA33B1F60]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSetValueKey [0xA33A80B0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSuspendThread [0xA33B5E20]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwSystemDebugControl [0xA33B36A0]
SSDT            \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.)                                                                                 ZwTerminateProcess [0x9AA36416]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwUnloadKey [0xA33A81D0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             ZwWriteVirtualMemory [0xA33B4CC0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[284] [0xA33B0DE0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[285] [0xA33B0DF0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[286] [0xA33B0E00]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[287] [0xA33B0E20]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[288] [0xA33B0E40]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[289] [0xA33B0E70]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[290] [0xA33B0E80]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[291] [0xA33B0EA0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[292] [0xA33B0EB0]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[293] [0xA33B0F70]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[294] [0xA33B1040]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[295] [0xA33B1080]
SSDT            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             SSDT[296] [0xA33B10C0]

Code            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             FsRtlCheckLockForReadAccess
Code            \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)                                                                                                             IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                                                                                                                         804EAF84 5 Bytes  JMP A33B6C30 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                                                                                                            804EF92C 5 Bytes  JMP A33B71F0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text           ntkrnlpa.exe!KiDispatchInterrupt + 100                                                                                                                                           80545B40 7 Bytes  JMP A33BA320 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                                                         section is writeable [0xF5935000, 0x18FF84, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

?               C:\Documents and Settings\Admin\Application Data\T-Mobile Internet Manager\ouc.exe[228] C:\WINDOWS\system32\kernel32.dll                                                         time/date stamp mismatch; 
?               C:\WINDOWS\system32\Ati2evxx.exe[272] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\WINDOWS\system32\svchost.exe[288] C:\WINDOWS\system32\kernel32.dll                                                                                                            time/date stamp mismatch; 
?               C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[348] C:\WINDOWS\system32\kernel32.dll                                                                           time/date stamp mismatch; 
?               C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[392] C:\WINDOWS\system32\kernel32.dll                                                                                                time/date stamp mismatch; 
?               C:\WINDOWS\system32\svchost.exe[416] C:\WINDOWS\system32\kernel32.dll                                                                                                            time/date stamp mismatch; 
?               C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[468] C:\WINDOWS\system32\kernel32.dll                                                     time/date stamp mismatch; 
?               C:\Program Files\Bonjour\mDNSResponder.exe[500] C:\WINDOWS\system32\kernel32.dll                                                                                                 time/date stamp mismatch; 
?               C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe[508] C:\WINDOWS\system32\kernel32.dll                                  time/date stamp mismatch; 
?               C:\Program Files\Java\jre6\bin\jqs.exe[512] C:\WINDOWS\system32\kernel32.dll                                                                                                     time/date stamp mismatch; 
?               C:\WINDOWS\System32\svchost.exe[696] C:\WINDOWS\system32\kernel32.dll                                                                                                            time/date stamp mismatch; 
?               C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe[720] C:\WINDOWS\system32\kernel32.dll                                                                                  time/date stamp mismatch; 
?               C:\WINDOWS\system32\svchost.exe[756] C:\WINDOWS\system32\kernel32.dll                                                                                                            time/date stamp mismatch; 
?               C:\WINDOWS\system32\Ati2evxx.exe[796] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\DOCUME~1\Admin\LOCALS~1\Temp\RtkBtMnt.exe[880] C:\WINDOWS\system32\kernel32.dll                                                                                               time/date stamp mismatch; 
?               C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe[944] C:\WINDOWS\system32\kernel32.dll                                                                    time/date stamp mismatch; 
?               C:\Program Files\CDBurnerXP\NMSAccessU.exe[1000] C:\WINDOWS\system32\kernel32.dll                                                                                                time/date stamp mismatch; 
?               C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1036] C:\WINDOWS\system32\kernel32.dll                                                                                              time/date stamp mismatch; 
?               C:\WINDOWS\system32\svchost.exe[1076] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\WINDOWS\system32\PnkBstrA.exe[1132] C:\WINDOWS\system32\kernel32.dll                                                                                                          time/date stamp mismatch; 
?               C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1152] C:\WINDOWS\system32\kernel32.dll                                                                            time/date stamp mismatch; 
?               C:\Program Files\AVG Secure Search\vprot.exe[1160] C:\WINDOWS\system32\kernel32.dll                                                                                              time/date stamp mismatch; 
?               C:\WINDOWS\system32\svchost.exe[1268] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\Program Files\iTunes\iTunesHelper.exe[1368] C:\WINDOWS\system32\kernel32.dll                                                                                                  time/date stamp mismatch; 
?               C:\Program Files\iPod\bin\iPodService.exe[1408] C:\WINDOWS\system32\kernel32.dll                                                                                                 time/date stamp mismatch; 
?               C:\WINDOWS\system32\wbem\unsecapp.exe[1448] C:\WINDOWS\system32\kernel32.dll                                                                                                     time/date stamp mismatch; 
?               C:\WINDOWS\system32\spoolsv.exe[1512] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1560] C:\WINDOWS\system32\kernel32.dll                                                                                                time/date stamp mismatch; 
?               C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1804] C:\WINDOWS\system32\kernel32.dll                                                                           time/date stamp mismatch; 
?               C:\WINDOWS\system32\svchost.exe[1808] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\program files\real\realplayer\update\realsched.exe[1840] C:\WINDOWS\system32\kernel32.dll                                                                                     time/date stamp mismatch; 
.text           C:\program files\real\realplayer\update\realsched.exe[1840] kernel32.dll!SetUnhandledExceptionFilter                                                                             7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
?               C:\WINDOWS\system32\svchost.exe[1856] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\WINDOWS\system32\csrss.exe[1880] C:\WINDOWS\system32\KERNEL32.dll                                                                                                             time/date stamp mismatch; 
?               C:\WINDOWS\system32\winlogon.exe[1912] C:\WINDOWS\system32\kernel32.dll                                                                                                          time/date stamp mismatch; 
?               C:\WINDOWS\system32\services.exe[1956] C:\WINDOWS\system32\kernel32.dll                                                                                                          time/date stamp mismatch; 
?               C:\WINDOWS\system32\lsass.exe[1968] C:\WINDOWS\system32\kernel32.dll                                                                                                             time/date stamp mismatch; 
?               C:\WINDOWS\system32\agrsmsvc.exe[2036] C:\WINDOWS\system32\kernel32.dll                                                                                                          time/date stamp mismatch; 
?               C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE[2080] C:\WINDOWS\system32\kernel32.dll                                                                                        time/date stamp mismatch; 
?               C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe[2112] C:\WINDOWS\system32\kernel32.dll                                                 time/date stamp mismatch; 
?               C:\WINDOWS\system32\ctfmon.exe[2200] C:\WINDOWS\system32\kernel32.dll                                                                                                            time/date stamp mismatch; 
?               C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe[2408] C:\WINDOWS\system32\kernel32.dll                                                                        time/date stamp mismatch; 
?               C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe[2460] C:\WINDOWS\system32\kernel32.dll                                                                        time/date stamp mismatch; 
?               C:\WINDOWS\system32\wbem\unsecapp.exe[2656] C:\WINDOWS\system32\kernel32.dll                                                                                                     time/date stamp mismatch; 
?               C:\WINDOWS\system32\wbem\wmiprvse.exe[2696] C:\WINDOWS\system32\kernel32.dll                                                                                                     time/date stamp mismatch; 
?               C:\Documents and Settings\Admin\Desktop\7jfpcnp7.exe[2856] C:\WINDOWS\system32\kernel32.dll                                                                                      time/date stamp mismatch; 
?               C:\WINDOWS\Explorer.EXE[3000] C:\WINDOWS\system32\kernel32.dll                                                                                                                   time/date stamp mismatch; 
.text           C:\WINDOWS\Explorer.EXE[3000] SHELL32.dll!StrStrW                                                                                                                                7C9C8AD0 4 Bytes  [B0, 02, 4B, 7E]
?               C:\Program Files\Common Files\Java\Java Update\jusched.exe[3140] C:\WINDOWS\system32\kernel32.dll                                                                                time/date stamp mismatch; 
?               C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[3552] C:\WINDOWS\system32\kernel32.dll                                                                          time/date stamp mismatch; 
?               C:\WINDOWS\RTHDCPL.EXE[3628] C:\WINDOWS\system32\kernel32.dll                                                                                                                    time/date stamp mismatch; 
?               C:\WINDOWS\System32\alg.exe[3656] C:\WINDOWS\system32\kernel32.dll                                                                                                               time/date stamp mismatch; 
?               C:\WINDOWS\SOUNDMAN.EXE[3664] C:\WINDOWS\system32\kernel32.dll                                                                                                                   time/date stamp mismatch; 
?               C:\WINDOWS\PLFSetI.exe[4012] C:\WINDOWS\system32\kernel32.dll                                                                                                                    time/date stamp mismatch; 
?               C:\WINDOWS\system32\wscntfy.exe[4052] C:\WINDOWS\system32\kernel32.dll                                                                                                           time/date stamp mismatch; 
?               C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe[4072] C:\WINDOWS\system32\kernel32.dll                                                                      time/date stamp mismatch; 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                                          881F1820
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                                          881F1820
IAT             \SystemRoot\system32\DRIVERS\tcpip6.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                                         881F1820


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                           klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                         kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                        tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                        kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                        kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.15 ----

Thread          System [4:896]                                                                                                                                                                   88234000
Thread          System [4:900]                                                                                                                                                                   88234000
Thread          System [4:904]                                                                                                                                                                   881FF7E0
Thread          System [4:908]                                                                                                                                                                   881FF7E0
Thread          System [4:916]                                                                                                                                                                   882017D0
Thread          System [4:920]                                                                                                                                                                   882017D0
Thread          System [4:924]                                                                                                                                                                   882017D0
Thread          System [4:928]                                                                                                                                                                   881FF7E0

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35A724F0-84B3-5A4B-FB15-81365E486069}                                                                  
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35A724F0-84B3-5A4B-FB15-81365E486069}@iafhadmhbpkbjodbjk                                               0x6B 0x61 0x6A 0x63 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35A724F0-84B3-5A4B-FB15-81365E486069}@hahggcefffnbnnol                                                 0x6B 0x61 0x6A 0x63 ...

---- EOF - GMER 1.0.15 ----
--- --- ---

OSAM

[code]
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:38:49 on 16.05.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"RealUpgradeLogonTaskS-1-5-21-329068152-115176313-839522115-1003.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-329068152-115176313-839522115-1003.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
"PSUNCpl.cpl" - "Panda Security, S.L." - C:\WINDOWS\system32\PSUNCpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"PSUNCPL" - ? - C:\WINDOWS\syst  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\WINDOWS\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\WINDOWS\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpudrv" (cpudrv) - ? - C:\Program Files\SystemRequirementsLab\cpudrv.sys  (File found, but it contains no detailed information)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"filtertdidriver" (filtertdidriver) - "Huawei Technologies Co., Ltd." - C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ITECIR Infrared Receiver" (itecir) - "ITE Tech. Inc. " - C:\WINDOWS\System32\DRIVERS\itecir.sys
"jatmlano" (jatmlano) - ? - C:\DOCUME~1\klst\LOCALS~1\Temp\jatmlano.sys  (File not found)
"Kl1" (kl1) - "Kaspersky Lab" - C:\WINDOWS\System32\drivers\kl1.sys
"Klif" (klif) - "Kaspersky Lab" - C:\WINDOWS\system32\drivers\klif.sys
"kxddqpow" (kxddqpow) - ? - C:\DOCUME~1\Admin\LOCALS~1\Temp\kxddqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PSINAflt" (PSINAflt) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINAflt.sys
"PSINFile" (PSINFile) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINFile.sys
"PSINKNC" (PSINKNC) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\psinknc.sys
"PSINProc" (PSINProc) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINProc.sys
"PSINProt" (PSINProt) - "Panda Security, S.L." - C:\WINDOWS\System32\DRIVERS\PSINProt.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - "Illustrate" - C:\Program Files\Illustrate\dBpoweramp\dBShell.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp: Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft ActiveSync\aatp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? -   (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - "Illustrate" - C:\Program Files\Illustrate\dBpoweramp\dMCShell.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{C080DC3F-9095-4E4B-95E6-D67D077130E8} "IconsHandlerNano Class" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD} "ShellExt Class" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Web Anti-Virus statistics" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{F4D76F09-7896-458A-890F-E1F05C46069F}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{AF9A1421-E128-4D5F-A37E-039F305867B9} "Pj11enuC Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\Pj11enuC.dll / hxxp://versionone/projectserver/objects/1033/pjcintl.cab
{4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} "PjAdoInfo3 Class" - "Microsoft Corp." - C:\WINDOWS\Downloaded Program Files\pjquery11.ocx / hxxp://versionone/projectserver/objects/pjclient.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Web Anti-Virus statistics" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-----( %UserProfile%\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Documents and Settings\Admin\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"1und1Dispatcher" - "1&1 Mail & Media GmbH" - "C:\Program Files\1und1Softwareaktualisierung\SchedDispatcher.exe" xp
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
"HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AzMixerSel" - "Realtek Semiconductor Corp." - C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"IntelWireless" - "Intel(R) Corporation" - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
"IntelZeroConfig" - "Intel(R) Corporation" - "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"Panda Security URL Filtering" - "Panda Security" - "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe"
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"PLFSetI" - ? - C:\WINDOWS\PLFSetI.exe
"PSUNMain" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\program files\real\realplayer\update\realsched.exe"  -osboot
"vProt" - ? - "C:\Program Files\AVG Secure Search\vprot.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"IntelNetProvCredMan" - "Intel(R) Corporation" - C:\WINDOWS\system32\netprovcredman.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Microsoft Office Live Meeting 2007 Document Writer Monitor" - "Microsoft Corporation." - C:\WINDOWS\system32\lmdimon8.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - ? - "C:\Program Files\Application Updater\ApplicationUpdater.exe"  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"Kaspersky Anti-Virus 6.0" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Panda Cloud Antivirus Service" (NanoServiceMain) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe
"Tjänsten Google Update (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"vToolbarUpdater10.2.0" (vToolbarUpdater10.2.0) - ? - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\WINDOWS\system32\klogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Als letztes dann aswMBR

Code:

ATTFilter

 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-16 10:41:30
-----------------------------
10:41:30.812    OS Version: Windows 5.1.2600 Service Pack 3
10:41:30.812    Number of processors: 2 586 0xF0D
10:41:30.812    ComputerName: xxxx  UserName: Admin
10:41:32.953    Initialize success
10:43:15.656    AVAST engine defs: 12051501
10:45:08.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:45:08.250    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
10:45:08.328    Disk 0 MBR read successfully
10:45:08.328    Disk 0 MBR scan
10:45:08.375    Disk 0 Windows XP default MBR code
10:45:08.390    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238464 MB offset 63
10:45:08.468    Disk 0 scanning sectors +488376000
10:45:08.687    Disk 0 scanning C:\WINDOWS\system32\drivers
10:45:46.750    Service scanning
10:46:06.875    Modules scanning
10:46:33.609    Disk 0 trace - called modules:
10:46:33.640    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys 
10:46:33.656    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac7eab8]
10:46:34.000    3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000008b[0x8acbba10]
10:46:34.031    5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ac7c028]
10:46:35.671    AVAST engine scan C:\WINDOWS
10:47:57.687    AVAST engine scan C:\WINDOWS\system32
10:55:58.875    AVAST engine scan C:\WINDOWS\system32\drivers
10:57:24.906    AVAST engine scan C:\Documents and Settings\Admin
11:47:41.781    AVAST engine scan C:\Documents and Settings\All Users
11:56:15.250    Scan finished successfully
12:19:13.765    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
12:19:13.781    The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Viele Gruesse
Klaus

14.05.2012, 11:04	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ __________________

14.05.2012, 12:37	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner Nee, wenn die wirklich alle ohne Funde sind brauch ich die jetzt nicht ESET lief wie lange bei dir? Es hat nur eine Datei gefunden? __________________ Logfiles bitte immer in CODE-Tags posten

Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner

Log-Analyse und Auswertung: Panda Cloud AntiVirus PRo findet zwei Exploit CVE-2011-3544 Trojaner