Trojaner-Board - BOO/Whistler gefunden - wie entfernen? bitte kurz helfen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - BOO/Whistler gefunden - wie entfernen? bitte kurz helfen (https://www.trojaner-board.de/110500-boo-whistler-gefunden-entfernen-bitte-kurz-helfen.html)

BOO/Whistler gefunden - wie entfernen? bitte kurz helfen

Hi Leute,

seit ein paar Tagen findet mein Avira Antivirus den BOO/whistler auf verschiedenen Laufwerken.
Wie kann ich das Teil schnellstmöglichst und sicher löschen.

Bitte um kurze Hilfe - anbei die Log Datein vom Avira.

Danke schonmal u bis gleich

loco-dubai

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Sorry mit dem Code-Tags kam ich nicht zurecht.

Anbei die Logs von den 2 Programmen

Was ist an den CODE-Tags denn nicht zu verstehen?

Code:

 alwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org
 

Database version: v2012.02.26.07
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19190

OWNER :: TOBIASROLLEHOME [administrator]
 

Protection: Enabled
 

27.02.2012 10:10:01

mbam-log-2012-02-27 (10-10-01).txt
 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 409099

Time elapsed: 1 hour(s), 18 minute(s), 46 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 15

HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
 

Registry Values Detected: 5

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data:  -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{A97CF973-60D0-6DE1-74C4-FD48DF453075} (Trojan.ZbotR.Gen) -> Data: C:\Users\OWNER\AppData\Roaming\Upsyc\orfer.exe -> Quarantined and deleted successfully.
 

Registry Data Items Detected: 3

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=607cc8c0-439b-11e1-8f3c-00221558181e) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=607cc8c0-439b-11e1-8f3c-00221558181e) Good: (hxxp://www.google.com) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Documents and Settings\svshost.exe) Good: (Userinit.exe) -> Quarantined and repaired successfully.
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 1

C:\Program Files\StartSearch plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
 

(end)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=34ba86f737bf054a857602a8c1113aa3

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-27 02:50:08

# local_time=2012-02-27 03:50:08 (+0100, W. Europe Standard Time)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 621419 621419 0 0

# compatibility_mode=5892 16776573 100 100 62220 167877739 0 0

# compatibility_mode=8192 67108863 100 0 3793 3793 0 0

# scanned=335818

# found=0

# cleaned=0

# scan_time=9170

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 28.02.2012 10:35:52 - Run 1

OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\OWNER\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19190)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,21% Memory free

6,23 Gb Paging File | 4,41 Gb Available in Paging File | 70,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 458,21 Gb Total Space | 379,97 Gb Free Space | 82,93% Space Free | Partition Type: NTFS

Drive D: | 7,55 Gb Total Space | 0,99 Gb Free Space | 13,12% Space Free | Partition Type: NTFS

 

Computer Name: TOBIASROLLEHOME | User Name: OWNER | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.28 10:32:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\OWNER\Downloads\OTL.exe

PRC - [2012.02.27 08:03:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012.02.20 09:47:31 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.10.11 15:06:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.10.11 15:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.11 15:06:20 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011.10.11 15:06:18 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.11 15:06:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.05.23 16:58:36 | 000,093,696 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlaui.exe

PRC - [2011.05.23 16:25:44 | 000,028,672 | ---- | M] (Bloomberg L.P.) -- c:\blp\API\Office Tools\bxlartd.exe

PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009.06.15 07:52:08 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.08.04 15:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe

PRC - [2008.08.01 08:47:20 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

PRC - [2008.01.21 03:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007.10.09 21:07:58 | 000,914,808 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe

PRC - [2005.09.23 07:58:42 | 000,163,840 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.27 08:03:02 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012.02.20 09:13:55 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2ddd7acbd58ff39deff6c5cd732e1474\System.Deployment.ni.dll

MOD - [2012.02.20 09:13:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll

MOD - [2012.02.20 09:13:52 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0ac84704dce924c06b1913f7c75e6fde\System.Runtime.Serialization.Formatters.Soap.ni.dll

MOD - [2012.02.20 09:13:35 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll

MOD - [2012.02.20 09:13:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll

MOD - [2012.02.20 09:13:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

MOD - [2012.02.20 09:13:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

MOD - [2012.02.20 09:12:23 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2012.02.20 09:12:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2012.01.03 21:54:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Weblink.DEU

MOD - [2011.12.09 10:36:40 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011.11.30 10:01:48 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll

MOD - [2011.05.23 17:11:16 | 000,050,992 | ---- | M] () -- c:\blp\API\dde\bbloader.dll

MOD - [2011.05.23 17:02:16 | 000,106,496 | ---- | M] () -- c:\blp\API\Office Tools\FieldServiceDesktopSchemaV8.XmlSerializers.dll

MOD - [2011.05.23 17:01:58 | 000,389,120 | ---- | M] () -- c:\blp\API\Office Tools\Bloomberg.OfficeTools.DataModel.Schemas.XmlSerializers.dll

MOD - [2011.05.23 16:46:26 | 000,069,632 | ---- | M] () -- c:\blp\API\Office Tools\BlissAdaptor.XmlSerializers.dll

MOD - [2011.05.23 16:45:06 | 000,196,608 | ---- | M] () -- c:\blp\API\Office Tools\Microsoft.ApplicationBlocks.UIProcess.dll

MOD - [2011.05.23 16:44:02 | 000,065,536 | ---- | M] () -- c:\blp\API\Office Tools\FavoriteFieldsServiceSchema.XmlSerializers.dll

MOD - [2009.10.03 01:48:16 | 000,106,496 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu

MOD - [2009.10.03 01:45:02 | 000,012,288 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU

MOD - [2009.06.25 22:30:48 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll

MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009.02.27 16:41:26 | 000,011,264 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\pddom.DEU

MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU

MOD - [2008.08.04 15:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe

MOD - [2008.08.04 15:29:12 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll

MOD - [2008.08.04 15:29:12 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll

MOD - [2008.08.04 15:29:12 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll

MOD - [2008.08.04 15:28:54 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll

MOD - [2008.08.04 15:28:52 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll

MOD - [2008.08.01 08:47:02 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll

MOD - [2008.08.01 08:47:00 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll

MOD - [2008.08.01 08:46:36 | 000,593,920 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll

MOD - [2008.08.01 08:46:30 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll

MOD - [2008.08.01 08:46:30 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll

MOD - [2008.08.01 08:46:30 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll

MOD - [2008.08.01 08:46:28 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll

MOD - [2008.08.01 08:46:26 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll

MOD - [2008.07.31 13:37:06 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll

MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll

MOD - [2005.09.23 07:58:32 | 000,163,840 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.CustomLayout.dll

MOD - [2005.09.23 07:58:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.Medical.dll

MOD - [2005.09.23 07:58:26 | 000,253,952 | ---- | M] () -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDeskSE.AppHint.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.02.20 09:47:31 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.10.11 15:06:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.11 15:06:20 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011.10.11 15:06:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)

SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.01.21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.10.09 21:07:58 | 000,914,808 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - [2005.09.27 11:17:00 | 000,155,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\MtxDrvService.exe -- (MtxDrvService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.02.20 09:47:34 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.10.11 15:06:39 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.11 15:06:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008.05.14 23:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008.02.26 06:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2008.01.21 03:23:28 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007.10.09 21:02:34 | 000,003,072 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)

DRV - [2007.08.28 13:44:56 | 000,088,064 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATTchDrv.sys -- (FLMckUsb)

DRV - [2007.07.16 22:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)

DRV - [2007.07.16 22:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)

DRV - [2007.01.26 07:42:50 | 002,831,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2006.11.02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)

DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)

DRV - [2005.09.27 11:13:00 | 001,028,864 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MTXPARM.sys -- (MTXPAR)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 24 63 AD 9A 05 CC 01  [binary data]

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Web Search"

FF - prefs.js..browser.search.defaultenginename: "Web Search"

FF - prefs.js..browser.search.order.1: "Web Search"

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2

FF - prefs.js..extensions.enabledItems: {4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}:1.1

FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OWNER\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.27 08:03:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 13:18:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.08 13:40:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011.03.14 22:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Extensions

[2011.03.14 22:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.02.19 15:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions

[2012.01.20 20:17:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}

[2011.04.30 14:37:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar

[2012.01.20 20:17:38 | 000,000,792 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml

[2012.02.19 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.02.27 08:03:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.02.19 13:14:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

[2012.02.27 08:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.27 08:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=607cc8c0-439b-11e1-8f3c-00221558181e&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: VshareComplete plugin for chrome = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

CHR - Extension: vshare plugin = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: TV for Google Chrome\u2122 = C:\Users\OWNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found

O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)

O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()

O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914CF204-BB59-4A13-AAF8-04FC46F20E60}: DhcpNameServer = 80.227.2.3 80.227.2.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B29C7892-224C-4C46-ABED-5A51DEBC5675}: DhcpNameServer = 213.132.63.25 80.227.2.4

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell - "" = AutoRun

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\AutoRun\command - "" = J:\SETUP.EXE /AUTORUN

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\configure\command - "" = J:\SETUP.EXE

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\install\command - "" = J:\SETUP.EXE

O33 - MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\Shell\AutoRun\command - "" = K:\Menu.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.27 13:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.02.27 10:08:58 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes

[2012.02.27 10:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.02.27 10:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.02.27 10:08:28 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.02.27 10:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.02.20 09:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012.02.20 09:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012.02.20 09:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2012.02.20 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Avira

[2012.02.20 09:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.02.20 09:40:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2012.02.20 09:40:29 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.02.20 09:40:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012.02.20 09:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.02.20 09:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012.02.20 09:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2012.02.19 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2012.02.19 15:00:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2012.02.19 15:00:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2012.02.19 13:22:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2012.02.19 13:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.02.13 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Upsyc

[2012.02.13 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\OWNER\AppData\Roaming\Izva

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.28 10:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.02.28 10:10:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job

[2012.02.28 08:59:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.02.28 08:59:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.28 00:10:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job

[2012.02.28 00:02:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.28 00:02:23 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.27 13:12:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jxle.sys

[2012.02.27 10:08:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.27 08:08:11 | 000,619,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.02.27 08:08:11 | 000,108,826 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.02.27 08:02:27 | 000,002,032 | ---- | M] () -- C:\Users\OWNER\AppData\Local\d3d9caps.dat

[2012.02.27 08:02:12 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.20 09:47:34 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.02.20 09:43:39 | 000,001,081 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012.02.20 09:43:39 | 000,001,057 | ---- | M] () -- C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk

[2012.02.20 09:41:28 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.02.20 09:09:38 | 000,308,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.02.20 08:36:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2012.02.20 08:35:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012.02.19 13:18:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.02.16 04:13:15 | 000,002,044 | ---- | M] () -- C:\Users\OWNER\Desktop\Google Chrome.lnk

[2012.02.16 04:13:15 | 000,002,006 | ---- | M] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012.02.16 03:05:29 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI

 
 ========== Files Created - No Company Name ==========

 

[2012.02.27 13:12:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jxle.sys

[2012.02.27 10:08:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.20 09:43:39 | 000,001,081 | ---- | C] () -- C:\Users\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012.02.20 09:43:39 | 000,001,057 | ---- | C] () -- C:\Users\OWNER\Desktop\Spybot - Search & Destroy.lnk

[2012.02.20 09:41:28 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.02.20 08:36:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2012.02.20 08:35:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012.02.19 13:18:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.02.19 13:18:54 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.02.16 03:05:29 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011.11.27 07:13:17 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat

[2011.11.27 07:11:06 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2010.10.25 07:37:18 | 000,006,656 | ---- | C] () -- C:\Users\OWNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== LOP Check ==========

 

[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Image Zone Express

[2012.02.18 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Izva

[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Printer Info Cache

[2012.02.07 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer

[2011.03.14 22:04:44 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird

[2012.02.16 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Upsyc

[2012.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VshareComplete

[2012.02.26 21:00:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.10.14 08:53:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Adobe

[2012.02.20 09:42:03 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Avira

[2009.06.15 07:52:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Google

[2011.12.08 08:40:34 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\HP

[2009.05.25 07:25:02 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Identities

[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Image Zone Express

[2012.02.18 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Izva

[2009.05.25 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Macromedia

[2012.02.27 10:08:58 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Malwarebytes

[2012.02.13 20:23:31 | 000,000,000 | --SD | M] -- C:\Users\OWNER\AppData\Roaming\Microsoft

[2009.05.25 11:15:06 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Mozilla

[2011.12.11 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Printer Info Cache

[2012.02.28 10:35:52 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Skype

[2012.02.28 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\skypePM

[2012.02.07 10:02:27 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\TeamViewer

[2011.03.14 22:04:44 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Thunderbird

[2012.02.16 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\Upsyc

[2012.02.04 17:55:03 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\vlc

[2012.01.20 20:17:41 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\VshareComplete

[2009.06.15 18:26:46 | 000,000,000 | ---D | M] -- C:\Users\OWNER\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.03.29 08:31:11 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\OWNER\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011.12.18 03:53:00 | 000,091,128 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\VshareComplete\KeepMeUpdated.exe

[2011.12.18 03:53:00 | 000,091,128 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\VshareComplete\64\KeepMeUpdated.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.01.12 19:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: NVSTOR32.SYS  >

[2008.01.25 20:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvrd32.inf_e2a5b24c\nvstor32.sys

[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\hp\DRIVERS\nvidia_storage\nvstor32.sys

[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows.old\Windows\System32\drivers\nvstor32.sys

[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b55bb8a8\nvstor32.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 24 63 AD 9A 05 CC 01  [binary data]

IE - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

FF - prefs.js..browser.search.defaultengine: "Web Search"

FF - prefs.js..browser.search.defaultenginename: "Web Search"

FF - prefs.js..browser.search.order.1: "Web Search"

FF - prefs.js..browser.search.selectedEngine: "Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2

FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="

[2012.01.20 20:17:43 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}

[2011.04.30 14:37:17 | 000,000,000 | ---D | M] (vShare) -- C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar

[2012.01.20 20:17:38 | 000,000,792 | ---- | M] () -- C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml

[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=607cc8c0-439b-11e1-8f3c-00221558181e&q={searchTerms}

O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe ()

O4 - HKU\S-1-5-21-3062086142-2646581309-1385036962-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell - "" = AutoRun

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\AutoRun\command - "" = J:\SETUP.EXE /AUTORUN

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\configure\command - "" = J:\SETUP.EXE

O33 - MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\Shell\install\command - "" = J:\SETUP.EXE

O33 - MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\Shell\AutoRun\command - "" = K:\Menu.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

HKU\S-1-5-21-3062086142-2646581309-1385036962-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Prefs.js: "Web Search" removed from browser.search.defaultengine

Prefs.js: "Web Search" removed from browser.search.defaultenginename

Prefs.js: "Web Search" removed from browser.search.order.1

Prefs.js: "Web Search" removed from browser.search.selectedEngine

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems

Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\defaults\preferences folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\defaults folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\chrome\content folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a}\chrome folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\{4ac04d99-3f4b-4ec5-bd2d-216d59822f8a} folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\modules folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\locale folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\components folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar\chrome folder moved successfully.

C:\Users\OWNER\AppData\Roaming\mozilla\Firefox\Profiles\wwnnjdtx.default\extensions\vshare@toolbar folder moved successfully.

C:\Users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\searchplugins\startsear.xml moved successfully.

C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

C:\Program Files\vShare\vshare_toolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222f31fb-a14e-4af2-bb14-997f28294370}\ deleted successfully.

C:\Users\OWNER\AppData\Roaming\VshareComplete\VshareComplete.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CLRHost deleted successfully.

C:\blp\API\Office Tools\bbxlcmd.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-3062086142-2646581309-1385036962-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ deleted successfully.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

File J:\SETUP.EXE /AUTORUN not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

File J:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ccfbcc-79d4-11de-84b2-00221557f9e0}\ not found.

File J:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1b4a5b8-91dc-11de-8274-00221557f9e0}\ not found.

File K:\Menu.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: OWNER

->Temp folder emptied: 197407427 bytes

->Temporary Internet Files folder emptied: 66359629 bytes

->Java cache emptied: 134963781 bytes

->FireFox cache emptied: 845821488 bytes

->Google Chrome cache emptied: 38534855 bytes

->Flash cache emptied: 134469 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 147030 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1.224,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.33.2 log created on 02282012_130909
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Zur Info: Im Zuge des Neustarts war Avira wieder mit den üblichen Viruswarnungen parat. "BOO/whistler was found ......"

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

13:46:03.0190 2712        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

13:46:03.0765 2712        ============================================================

13:46:03.0765 2712        Current date / time: 2012/02/28 13:46:03.0765

13:46:03.0765 2712        SystemInfo:

13:46:03.0765 2712        

13:46:03.0765 2712        OS Version: 6.0.6002 ServicePack: 2.0

13:46:03.0765 2712        Product type: Workstation

13:46:03.0765 2712        ComputerName: TOBIASROLLEHOME

13:46:03.0765 2712        UserName: OWNER

13:46:03.0765 2712        Windows directory: C:\Windows

13:46:03.0765 2712        System windows directory: C:\Windows

13:46:03.0765 2712        Processor architecture: Intel x86

13:46:03.0765 2712        Number of processors: 2

13:46:03.0765 2712        Page size: 0x1000

13:46:03.0765 2712        Boot type: Normal boot

13:46:03.0765 2712        ============================================================

13:46:04.0512 2712        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:46:04.0524 2712        \Device\Harddisk0\DR0:

13:46:04.0524 2712        MBR used

13:46:04.0524 2712        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x394698A8

13:46:04.0524 2712        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x394698E7, BlocksNum 0xF1B35A

13:46:04.0596 2712        Initialize success

13:46:04.0596 2712        ============================================================

13:46:47.0490 5412        ============================================================

13:46:47.0490 5412        Scan started

13:46:47.0490 5412        Mode: Manual; SigCheck; TDLFS; 

13:46:47.0490 5412        ============================================================

13:46:48.0055 5412        3xHybrid        (3948303f88d035ff1c84aac07a17b9a9) C:\Windows\system32\DRIVERS\3xHybrid.sys

13:46:48.0233 5412        3xHybrid - ok

13:46:48.0359 5412        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

13:46:48.0374 5412        ACPI - ok

13:46:48.0417 5412        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

13:46:48.0437 5412        adp94xx - ok

13:46:48.0513 5412        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

13:46:48.0528 5412        adpahci - ok

13:46:48.0546 5412        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

13:46:48.0557 5412        adpu160m - ok

13:46:48.0573 5412        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

13:46:48.0585 5412        adpu320 - ok

13:46:48.0724 5412        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

13:46:48.0800 5412        AFD - ok

13:46:48.0849 5412        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

13:46:48.0859 5412        agp440 - ok

13:46:48.0899 5412        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

13:46:48.0910 5412        aic78xx - ok

13:46:48.0948 5412        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

13:46:48.0956 5412        aliide - ok

13:46:48.0996 5412        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

13:46:49.0005 5412        amdagp - ok

13:46:49.0093 5412        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

13:46:49.0122 5412        amdide - ok

13:46:49.0155 5412        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

13:46:49.0213 5412        AmdK7 - ok

13:46:49.0236 5412        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

13:46:49.0276 5412        AmdK8 - ok

13:46:49.0399 5412        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

13:46:49.0409 5412        arc - ok

13:46:49.0441 5412        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

13:46:49.0450 5412        arcsas - ok

13:46:49.0489 5412        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

13:46:49.0538 5412        AsyncMac - ok

13:46:49.0576 5412        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

13:46:49.0585 5412        atapi - ok

13:46:49.0687 5412        atikmdag        (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys

13:46:49.0848 5412        atikmdag - ok

13:46:49.0937 5412        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

13:46:49.0965 5412        avgntflt - ok

13:46:49.0985 5412        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

13:46:49.0994 5412        avipbb - ok

13:46:50.0008 5412        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

13:46:50.0016 5412        avkmgr - ok

13:46:50.0051 5412        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

13:46:50.0118 5412        Beep - ok

13:46:50.0168 5412        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

13:46:50.0227 5412        blbdrive - ok

13:46:50.0325 5412        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

13:46:50.0342 5412        bowser - ok

13:46:50.0377 5412        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

13:46:50.0425 5412        BrFiltLo - ok

13:46:50.0444 5412        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

13:46:50.0480 5412        BrFiltUp - ok

13:46:50.0568 5412        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

13:46:50.0703 5412        Brserid - ok

13:46:50.0800 5412        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

13:46:50.0862 5412        BrSerWdm - ok

13:46:50.0879 5412        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

13:46:50.0932 5412        BrUsbMdm - ok

13:46:50.0951 5412        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

13:46:51.0014 5412        BrUsbSer - ok

13:46:51.0067 5412        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

13:46:51.0117 5412        BTHMODEM - ok

13:46:51.0217 5412        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

13:46:51.0250 5412        cdfs - ok

13:46:51.0315 5412        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

13:46:51.0344 5412        cdrom - ok

13:46:51.0362 5412        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

13:46:51.0391 5412        circlass - ok

13:46:51.0455 5412        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

13:46:51.0470 5412        CLFS - ok

13:46:51.0555 5412        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

13:46:51.0563 5412        cmdide - ok

13:46:51.0609 5412        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

13:46:51.0617 5412        Compbatt - ok

13:46:51.0635 5412        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

13:46:51.0643 5412        crcdisk - ok

13:46:51.0673 5412        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

13:46:51.0695 5412        Crusoe - ok

13:46:51.0779 5412        CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys

13:46:51.0871 5412        CSC - ok

13:46:52.0010 5412        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

13:46:52.0050 5412        DfsC - ok

13:46:52.0109 5412        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

13:46:52.0120 5412        disk - ok

13:46:52.0219 5412        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

13:46:52.0271 5412        Dot4 - ok

13:46:52.0328 5412        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

13:46:52.0402 5412        Dot4Print - ok

13:46:52.0450 5412        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

13:46:52.0495 5412        dot4usb - ok

13:46:52.0539 5412        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

13:46:52.0555 5412        drmkaud - ok

13:46:52.0804 5412        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

13:46:52.0854 5412        DXGKrnl - ok

13:46:53.0011 5412        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

13:46:53.0080 5412        E1G60 - ok

13:46:53.0185 5412        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

13:46:53.0198 5412        Ecache - ok

13:46:53.0271 5412        ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\Windows\system32\Drivers\ElbyCDIO.sys

13:46:53.0280 5412        ElbyCDIO - ok

13:46:53.0495 5412        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

13:46:53.0528 5412        elxstor - ok

13:46:53.0635 5412        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

13:46:53.0657 5412        ErrDev - ok

13:46:53.0735 5412        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

13:46:53.0782 5412        exfat - ok

13:46:53.0822 5412        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

13:46:53.0864 5412        fastfat - ok

13:46:53.0898 5412        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

13:46:53.0930 5412        fdc - ok

13:46:53.0999 5412        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

13:46:54.0009 5412        FileInfo - ok

13:46:54.0032 5412        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

13:46:54.0079 5412        Filetrace - ok

13:46:54.0133 5412        FLMckUsb        (9a5f86048cd1190071a826f22bb88f47) C:\Windows\system32\DRIVERS\ATTchDrv.sys

13:46:54.0143 5412        FLMckUsb - ok

13:46:54.0172 5412        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

13:46:54.0236 5412        flpydisk - ok

13:46:54.0298 5412        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

13:46:54.0311 5412        FltMgr - ok

13:46:54.0394 5412        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

13:46:54.0423 5412        Fs_Rec - ok

13:46:54.0454 5412        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

13:46:54.0463 5412        gagp30kx - ok

13:46:54.0560 5412        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

13:46:54.0599 5412        HdAudAddService - ok

13:46:54.0688 5412        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:46:54.0753 5412        HDAudBus - ok

13:46:54.0802 5412        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

13:46:54.0846 5412        HidBth - ok

13:46:54.0878 5412        HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

13:46:54.0907 5412        HidIr - ok

13:46:54.0997 5412        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

13:46:55.0024 5412        HidUsb - ok

13:46:55.0072 5412        hoplfb - ok

13:46:55.0109 5412        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

13:46:55.0118 5412        HpCISSs - ok

13:46:55.0163 5412        HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys

13:46:55.0171 5412        HPFXBULK - ok

13:46:55.0203 5412        HPFXFAX         (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys

13:46:55.0210 5412        HPFXFAX - ok

13:46:55.0298 5412        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

13:46:55.0402 5412        HTTP - ok

13:46:55.0492 5412        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

13:46:55.0501 5412        i2omp - ok

13:46:55.0589 5412        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

13:46:55.0620 5412        i8042prt - ok

13:46:55.0641 5412        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

13:46:55.0654 5412        iaStorV - ok

13:46:55.0691 5412        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

13:46:55.0700 5412        iirsp - ok

13:46:55.0783 5412        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

13:46:55.0792 5412        intelide - ok

13:46:55.0822 5412        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

13:46:55.0862 5412        intelppm - ok

13:46:55.0921 5412        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:46:55.0956 5412        IpFilterDriver - ok

13:46:55.0967 5412        IpInIp - ok

13:46:55.0990 5412        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

13:46:56.0012 5412        IPMIDRV - ok

13:46:56.0043 5412        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

13:46:56.0078 5412        IPNAT - ok

13:46:56.0129 5412        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

13:46:56.0167 5412        IRENUM - ok

13:46:56.0191 5412        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

13:46:56.0200 5412        isapnp - ok

13:46:56.0287 5412        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

13:46:56.0298 5412        iScsiPrt - ok

13:46:56.0329 5412        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

13:46:56.0338 5412        iteatapi - ok

13:46:56.0358 5412        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

13:46:56.0366 5412        iteraid - ok

13:46:56.0395 5412        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

13:46:56.0404 5412        kbdclass - ok

13:46:56.0491 5412        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

13:46:56.0507 5412        kbdhid - ok

13:46:56.0576 5412        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

13:46:56.0634 5412        KSecDD - ok

13:46:56.0731 5412        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

13:46:56.0771 5412        lltdio - ok

13:46:56.0828 5412        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

13:46:56.0838 5412        LSI_FC - ok

13:46:56.0915 5412        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

13:46:56.0924 5412        LSI_SAS - ok

13:46:56.0971 5412        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

13:46:56.0981 5412        LSI_SCSI - ok

13:46:57.0005 5412        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

13:46:57.0040 5412        luafv - ok

13:46:57.0132 5412        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

13:46:57.0139 5412        MBAMProtector - ok

13:46:57.0259 5412        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

13:46:57.0267 5412        megasas - ok

13:46:57.0303 5412        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

13:46:57.0352 5412        MegaSR - ok

13:46:57.0445 5412        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

13:46:57.0467 5412        Modem - ok

13:46:57.0499 5412        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

13:46:57.0526 5412        monitor - ok

13:46:57.0582 5412        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

13:46:57.0591 5412        mouclass - ok

13:46:57.0613 5412        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

13:46:57.0653 5412        mouhid - ok

13:46:57.0680 5412        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

13:46:57.0690 5412        MountMgr - ok

13:46:57.0711 5412        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

13:46:57.0724 5412        mpio - ok

13:46:57.0766 5412        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

13:46:57.0791 5412        mpsdrv - ok

13:46:57.0852 5412        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

13:46:57.0861 5412        Mraid35x - ok

13:46:57.0913 5412        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

13:46:57.0975 5412        MRxDAV - ok

13:46:58.0010 5412        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:46:58.0049 5412        mrxsmb - ok

13:46:58.0131 5412        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:46:58.0146 5412        mrxsmb10 - ok

13:46:58.0187 5412        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:46:58.0211 5412        mrxsmb20 - ok

13:46:58.0237 5412        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

13:46:58.0246 5412        msahci - ok

13:46:58.0265 5412        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

13:46:58.0275 5412        msdsm - ok

13:46:58.0314 5412        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

13:46:58.0348 5412        Msfs - ok

13:46:58.0384 5412        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

13:46:58.0392 5412        msisadrv - ok

13:46:58.0462 5412        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

13:46:58.0483 5412        MSKSSRV - ok

13:46:58.0517 5412        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

13:46:58.0548 5412        MSPCLOCK - ok

13:46:58.0582 5412        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

13:46:58.0612 5412        MSPQM - ok

13:46:58.0684 5412        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

13:46:58.0696 5412        MsRPC - ok

13:46:58.0741 5412        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

13:46:58.0749 5412        mssmbios - ok

13:46:58.0786 5412        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

13:46:58.0828 5412        MSTEE - ok

13:46:58.0917 5412        MTXPAR          (1171baf750ff1772dd128317bb5de001) C:\Windows\system32\DRIVERS\MTXPARM.sys

13:46:58.0946 5412        MTXPAR ( UnsignedFile.Multi.Generic ) - warning

13:46:58.0947 5412        MTXPAR - detected UnsignedFile.Multi.Generic (1)

13:46:59.0027 5412        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

13:46:59.0058 5412        Mup - ok

13:46:59.0229 5412        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

13:46:59.0262 5412        NativeWifiP - ok

13:46:59.0364 5412        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

13:46:59.0383 5412        NDIS - ok

13:46:59.0421 5412        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

13:46:59.0458 5412        NdisTapi - ok

13:46:59.0512 5412        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

13:46:59.0545 5412        Ndisuio - ok

13:46:59.0605 5412        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:46:59.0638 5412        NdisWan - ok

13:46:59.0689 5412        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

13:46:59.0712 5412        NDProxy - ok

13:46:59.0736 5412        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

13:46:59.0769 5412        NetBIOS - ok

13:46:59.0857 5412        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

13:46:59.0895 5412        netbt - ok

13:46:59.0959 5412        netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys

13:47:00.0039 5412        netr73 - ok

13:47:00.0157 5412        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

13:47:00.0165 5412        nfrd960 - ok

13:47:00.0234 5412        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

13:47:00.0273 5412        Npfs - ok

13:47:00.0325 5412        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

13:47:00.0393 5412        nsiproxy - ok

13:47:00.0475 5412        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

13:47:00.0550 5412        Ntfs - ok

13:47:00.0643 5412        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

13:47:00.0682 5412        ntrigdigi - ok

13:47:00.0721 5412        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

13:47:00.0743 5412        Null - ok

13:47:00.0787 5412        NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys

13:47:00.0851 5412        NVENETFD - ok

13:47:01.0042 5412        nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:47:01.0166 5412        nvlddmkm - ok

13:47:01.0213 5412        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

13:47:01.0224 5412        nvraid - ok

13:47:01.0265 5412        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

13:47:01.0273 5412        nvstor - ok

13:47:01.0289 5412        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

13:47:01.0300 5412        nv_agp - ok

13:47:01.0310 5412        NwlnkFlt - ok

13:47:01.0320 5412        NwlnkFwd - ok

13:47:01.0387 5412        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

13:47:01.0404 5412        ohci1394 - ok

13:47:01.0444 5412        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

13:47:01.0507 5412        Parport - ok

13:47:01.0592 5412        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

13:47:01.0604 5412        partmgr - ok

13:47:01.0699 5412        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

13:47:01.0748 5412        Parvdm - ok

13:47:01.0799 5412        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

13:47:01.0812 5412        pci - ok

13:47:01.0880 5412        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

13:47:01.0890 5412        pciide - ok

13:47:01.0918 5412        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

13:47:01.0930 5412        pcmcia - ok

13:47:01.0999 5412        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

13:47:02.0116 5412        PEAUTH - ok

13:47:02.0246 5412        Ph3xIB32        (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys

13:47:02.0353 5412        Ph3xIB32 - ok

13:47:02.0460 5412        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

13:47:02.0482 5412        PptpMiniport - ok

13:47:02.0529 5412        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

13:47:02.0564 5412        Processor - ok

13:47:02.0653 5412        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

13:47:02.0682 5412        PSched - ok

13:47:02.0761 5412        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

13:47:02.0821 5412        ql2300 - ok

13:47:02.0903 5412        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

13:47:02.0913 5412        ql40xx - ok

13:47:02.0958 5412        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

13:47:03.0011 5412        QWAVEdrv - ok

13:47:03.0071 5412        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

13:47:03.0098 5412        RasAcd - ok

13:47:03.0122 5412        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:47:03.0152 5412        Rasl2tp - ok

13:47:03.0226 5412        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

13:47:03.0255 5412        RasPppoe - ok

13:47:03.0307 5412        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

13:47:03.0319 5412        RasSstp - ok

13:47:03.0399 5412        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

13:47:03.0429 5412        rdbss - ok

13:47:03.0456 5412        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:47:03.0500 5412        RDPCDD - ok

13:47:03.0607 5412        rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

13:47:03.0654 5412        rdpdr - ok

13:47:03.0697 5412        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

13:47:03.0719 5412        RDPENCDD - ok

13:47:03.0781 5412        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

13:47:03.0800 5412        RDPWD - ok

13:47:03.0838 5412        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

13:47:03.0860 5412        rspndr - ok

13:47:03.0880 5412        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

13:47:03.0890 5412        sbp2port - ok

13:47:03.0963 5412        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:47:04.0008 5412        secdrv - ok

13:47:04.0043 5412        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

13:47:04.0082 5412        Serenum - ok

13:47:04.0111 5412        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

13:47:04.0162 5412        Serial - ok

13:47:04.0212 5412        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

13:47:04.0242 5412        sermouse - ok

13:47:04.0285 5412        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

13:47:04.0312 5412        sffdisk - ok

13:47:04.0359 5412        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

13:47:04.0380 5412        sffp_mmc - ok

13:47:04.0391 5412        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

13:47:04.0423 5412        sffp_sd - ok

13:47:04.0442 5412        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

13:47:04.0504 5412        sfloppy - ok

13:47:04.0568 5412        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

13:47:04.0578 5412        sisagp - ok

13:47:04.0604 5412        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

13:47:04.0613 5412        SiSRaid2 - ok

13:47:04.0633 5412        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

13:47:04.0643 5412        SiSRaid4 - ok

13:47:04.0738 5412        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

13:47:04.0779 5412        Smb - ok

13:47:04.0822 5412        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

13:47:04.0830 5412        spldr - ok

13:47:04.0889 5412        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

13:47:04.0909 5412        srv - ok

13:47:04.0986 5412        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

13:47:05.0000 5412        srv2 - ok

13:47:05.0037 5412        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

13:47:05.0060 5412        srvnet - ok

13:47:05.0113 5412        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

13:47:05.0120 5412        ssmdrv - ok

13:47:05.0159 5412        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

13:47:05.0167 5412        swenum - ok

13:47:05.0268 5412        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:47:05.0276 5412        Symc8xx - ok

13:47:05.0335 5412        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:47:05.0344 5412        Sym_hi - ok

13:47:05.0374 5412        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:47:05.0382 5412        Sym_u3 - ok

13:47:05.0457 5412        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

13:47:05.0510 5412        Tcpip - ok

13:47:05.0576 5412        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

13:47:05.0603 5412        Tcpip6 - ok

13:47:05.0694 5412        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

13:47:05.0714 5412        tcpipreg - ok

13:47:05.0796 5412        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

13:47:05.0827 5412        TDPIPE - ok

13:47:05.0857 5412        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

13:47:05.0891 5412        TDTCP - ok

13:47:05.0964 5412        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

13:47:05.0988 5412        tdx - ok

13:47:06.0087 5412        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

13:47:06.0097 5412        TermDD - ok

13:47:06.0143 5412        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:47:06.0179 5412        tssecsrv - ok

13:47:06.0200 5412        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

13:47:06.0259 5412        tunmp - ok

13:47:06.0333 5412        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

13:47:06.0355 5412        tunnel - ok

13:47:06.0419 5412        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

13:47:06.0429 5412        uagp35 - ok

13:47:06.0480 5412        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

13:47:06.0501 5412        udfs - ok

13:47:06.0531 5412        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

13:47:06.0540 5412        uliagpkx - ok

13:47:06.0566 5412        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

13:47:06.0580 5412        uliahci - ok

13:47:06.0640 5412        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:47:06.0650 5412        UlSata - ok

13:47:06.0663 5412        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:47:06.0674 5412        ulsata2 - ok

13:47:06.0748 5412        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

13:47:06.0784 5412        umbus - ok

13:47:06.0853 5412        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

13:47:06.0891 5412        usbaudio - ok

13:47:06.0945 5412        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

13:47:06.0973 5412        usbccgp - ok

13:47:07.0025 5412        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys

13:47:07.0048 5412        usbcir - ok

13:47:07.0070 5412        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

13:47:07.0107 5412        usbehci - ok

13:47:07.0157 5412        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

13:47:07.0191 5412        usbhub - ok

13:47:07.0268 5412        usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

13:47:07.0285 5412        usbohci - ok

13:47:07.0359 5412        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

13:47:07.0399 5412        usbprint - ok

13:47:07.0422 5412        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

13:47:07.0456 5412        usbscan - ok

13:47:07.0477 5412        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:47:07.0495 5412        USBSTOR - ok

13:47:07.0542 5412        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

13:47:07.0581 5412        usbuhci - ok

13:47:07.0653 5412        VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys

13:47:07.0695 5412        VClone - ok

13:47:07.0730 5412        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

13:47:07.0774 5412        vga - ok

13:47:07.0795 5412        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

13:47:07.0830 5412        VgaSave - ok

13:47:07.0888 5412        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

13:47:07.0898 5412        viaagp - ok

13:47:07.0963 5412        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

13:47:07.0986 5412        ViaC7 - ok

13:47:08.0016 5412        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

13:47:08.0024 5412        viaide - ok

13:47:08.0093 5412        vncmirror       (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys

13:47:08.0111 5412        vncmirror - ok

13:47:08.0135 5412        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

13:47:08.0145 5412        volmgr - ok

13:47:08.0221 5412        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

13:47:08.0237 5412        volmgrx - ok

13:47:08.0314 5412        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

13:47:08.0328 5412        volsnap - ok

13:47:08.0353 5412        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

13:47:08.0364 5412        vsmraid - ok

13:47:08.0391 5412        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

13:47:08.0439 5412        WacomPen - ok

13:47:08.0457 5412        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:47:08.0475 5412        Wanarp - ok

13:47:08.0479 5412        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

13:47:08.0496 5412        Wanarpv6 - ok

13:47:08.0531 5412        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

13:47:08.0541 5412        Wd - ok

13:47:08.0564 5412        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

13:47:08.0585 5412        Wdf01000 - ok

13:47:08.0679 5412        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

13:47:08.0720 5412        WmiAcpi - ok

13:47:08.0813 5412        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

13:47:08.0833 5412        WpdUsb - ok

13:47:08.0896 5412        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

13:47:08.0925 5412        ws2ifsl - ok

13:47:08.0991 5412        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:47:09.0024 5412        WUDFRd - ok

13:47:09.0049 5412        MBR (0x1B8)     (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0

13:47:09.0079 5412        \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected

13:47:09.0079 5412        \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)

13:47:09.0119 5412        Boot (0x1200)   (29c67c2b976e00795037b915e7320e33) \Device\Harddisk0\DR0\Partition0

13:47:09.0120 5412        \Device\Harddisk0\DR0\Partition0 - ok

13:47:09.0133 5412        Boot (0x1200)   (b0a0a90b9d885581915bfdef59d9eec8) \Device\Harddisk0\DR0\Partition1

13:47:09.0134 5412        \Device\Harddisk0\DR0\Partition1 - ok

13:47:09.0135 5412        ============================================================

13:47:09.0135 5412        Scan finished

13:47:09.0135 5412        ============================================================

13:47:09.0151 3436        Detected object count: 2

13:47:09.0151 3436        Actual detected object count: 2

13:47:19.0675 3436        MTXPAR ( UnsignedFile.Multi.Generic ) - skipped by user

13:47:19.0675 3436        MTXPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:47:19.0677 3436        \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user

13:47:19.0677 3436        \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Skip

Zitat:

\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - skipped by user

Bitte (nur diesen!!) mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

Code:

16:50:31.0541 3984        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

16:50:32.0041 3984        ============================================================

16:50:32.0041 3984        Current date / time: 2012/02/28 16:50:32.0041

16:50:32.0041 3984        SystemInfo:

16:50:32.0041 3984        

16:50:32.0041 3984        OS Version: 6.0.6002 ServicePack: 2.0

16:50:32.0042 3984        Product type: Workstation

16:50:32.0042 3984        ComputerName: TOBIASROLLEHOME

16:50:32.0042 3984        UserName: OWNER

16:50:32.0042 3984        Windows directory: C:\Windows

16:50:32.0042 3984        System windows directory: C:\Windows

16:50:32.0042 3984        Processor architecture: Intel x86

16:50:32.0042 3984        Number of processors: 2

16:50:32.0042 3984        Page size: 0x1000

16:50:32.0042 3984        Boot type: Normal boot

16:50:32.0042 3984        ============================================================

16:50:33.0935 3984        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

16:50:33.0946 3984        \Device\Harddisk0\DR0:

16:50:33.0947 3984        MBR used

16:50:33.0947 3984        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x394698A8

16:50:33.0947 3984        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x394698E7, BlocksNum 0xF1B35A

16:50:34.0152 3984        Initialize success

16:50:34.0152 3984        ============================================================

16:50:45.0818 2300        ============================================================

16:50:45.0818 2300        Scan started

16:50:45.0818 2300        Mode: Manual; SigCheck; TDLFS; 

16:50:45.0818 2300        ============================================================

16:50:50.0696 2300        3xHybrid        (3948303f88d035ff1c84aac07a17b9a9) C:\Windows\system32\DRIVERS\3xHybrid.sys

16:51:14.0755 2300        3xHybrid - ok

16:51:14.0910 2300        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

16:51:14.0927 2300        ACPI - ok

16:51:14.0965 2300        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

16:51:14.0986 2300        adp94xx - ok

16:51:15.0045 2300        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

16:51:15.0063 2300        adpahci - ok

16:51:15.0378 2300        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

16:51:15.0433 2300        adpu160m - ok

16:51:15.0606 2300        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

16:51:15.0681 2300        adpu320 - ok

16:51:16.0342 2300        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

16:51:16.0414 2300        AFD - ok

16:51:16.0739 2300        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

16:51:16.0784 2300        agp440 - ok

16:51:17.0148 2300        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

16:51:17.0158 2300        aic78xx - ok

16:51:17.0337 2300        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

16:51:17.0386 2300        aliide - ok

16:51:17.0460 2300        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

16:51:17.0469 2300        amdagp - ok

16:51:17.0891 2300        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

16:51:17.0937 2300        amdide - ok

16:51:18.0078 2300        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

16:51:18.0689 2300        AmdK7 - ok

16:51:19.0000 2300        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

16:51:19.0066 2300        AmdK8 - ok

16:51:19.0299 2300        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

16:51:19.0332 2300        arc - ok

16:51:19.0458 2300        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

16:51:19.0566 2300        arcsas - ok

16:51:19.0712 2300        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

16:51:19.0756 2300        AsyncMac - ok

16:51:19.0857 2300        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

16:51:19.0881 2300        atapi - ok

16:51:21.0636 2300        atikmdag        (c6eec3603b6d66d0f5a2edd430d338b3) C:\Windows\system32\DRIVERS\atikmdag.sys

16:51:21.0921 2300        atikmdag - ok

16:51:22.0053 2300        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

16:51:22.0078 2300        avgntflt - ok

16:51:22.0111 2300        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

16:51:22.0120 2300        avipbb - ok

16:51:22.0264 2300        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

16:51:22.0273 2300        avkmgr - ok

16:51:22.0665 2300        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

16:51:22.0733 2300        Beep - ok

16:51:22.0799 2300        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

16:51:22.0867 2300        blbdrive - ok

16:51:23.0023 2300        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

16:51:23.0090 2300        bowser - ok

16:51:23.0158 2300        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

16:51:23.0689 2300        BrFiltLo - ok

16:51:23.0784 2300        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

16:51:23.0836 2300        BrFiltUp - ok

16:51:23.0915 2300        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

16:51:24.0010 2300        Brserid - ok

16:51:24.0247 2300        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

16:51:24.0348 2300        BrSerWdm - ok

16:51:24.0419 2300        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

16:51:24.0456 2300        BrUsbMdm - ok

16:51:24.0514 2300        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

16:51:24.0559 2300        BrUsbSer - ok

16:51:24.0632 2300        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

16:51:24.0670 2300        BTHMODEM - ok

16:51:24.0831 2300        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

16:51:24.0853 2300        cdfs - ok

16:51:24.0913 2300        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

16:51:24.0939 2300        cdrom - ok

16:51:24.0960 2300        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

16:51:24.0981 2300        circlass - ok

16:51:25.0104 2300        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

16:51:25.0177 2300        CLFS - ok

16:51:25.0361 2300        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

16:51:25.0406 2300        cmdide - ok

16:51:25.0431 2300        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

16:51:25.0439 2300        Compbatt - ok

16:51:25.0457 2300        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

16:51:25.0465 2300        crcdisk - ok

16:51:25.0704 2300        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

16:51:25.0746 2300        Crusoe - ok

16:51:25.0878 2300        CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys

16:51:25.0910 2300        CSC - ok

16:51:26.0068 2300        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

16:51:26.0105 2300        DfsC - ok

16:51:26.0198 2300        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

16:51:26.0220 2300        disk - ok

16:51:26.0450 2300        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

16:51:26.0676 2300        Dot4 - ok

16:51:26.0933 2300        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

16:51:26.0955 2300        Dot4Print - ok

16:51:26.0990 2300        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

16:51:27.0029 2300        dot4usb - ok

16:51:27.0128 2300        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

16:51:27.0297 2300        drmkaud - ok

16:51:27.0793 2300        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

16:51:27.0887 2300        DXGKrnl - ok

16:51:28.0608 2300        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

16:51:28.0658 2300        E1G60 - ok

16:51:28.0799 2300        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

16:51:28.0820 2300        Ecache - ok

16:51:28.0915 2300        ElbyCDIO        (28cb0b64134ad62c2acf77db8501a619) C:\Windows\system32\Drivers\ElbyCDIO.sys

16:51:28.0923 2300        ElbyCDIO - ok

16:51:29.0251 2300        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

16:51:29.0304 2300        elxstor - ok

16:51:29.0341 2300        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

16:51:29.0362 2300        ErrDev - ok

16:51:29.0557 2300        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

16:51:29.0604 2300        exfat - ok

16:51:29.0738 2300        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

16:51:29.0788 2300        fastfat - ok

16:51:29.0945 2300        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

16:51:29.0967 2300        fdc - ok

16:51:29.0996 2300        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

16:51:30.0005 2300        FileInfo - ok

16:51:30.0021 2300        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

16:51:30.0043 2300        Filetrace - ok

16:51:30.0097 2300        FLMckUsb        (9a5f86048cd1190071a826f22bb88f47) C:\Windows\system32\DRIVERS\ATTchDrv.sys

16:51:30.0106 2300        FLMckUsb - ok

16:51:30.0136 2300        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

16:51:30.0157 2300        flpydisk - ok

16:51:30.0322 2300        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

16:51:30.0340 2300        FltMgr - ok

16:51:30.0399 2300        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

16:51:30.0428 2300        Fs_Rec - ok

16:51:30.0493 2300        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

16:51:30.0526 2300        gagp30kx - ok

16:51:30.0632 2300        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

16:51:30.0663 2300        HdAudAddService - ok

16:51:30.0910 2300        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:51:31.0000 2300        HDAudBus - ok

16:51:31.0357 2300        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

16:51:31.0425 2300        HidBth - ok

16:51:31.0933 2300        HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

16:51:31.0950 2300        HidIr - ok

16:51:32.0052 2300        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

16:51:32.0085 2300        HidUsb - ok

16:51:32.0118 2300        hoplfb - ok

16:51:32.0164 2300        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

16:51:32.0193 2300        HpCISSs - ok

16:51:32.0285 2300        HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys

16:51:32.0293 2300        HPFXBULK - ok

16:51:32.0350 2300        HPFXFAX         (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys

16:51:32.0357 2300        HPFXFAX - ok

16:51:32.0428 2300        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

16:51:32.0491 2300        HTTP - ok

16:51:32.0581 2300        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

16:51:32.0606 2300        i2omp - ok

16:51:32.0645 2300        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

16:51:32.0662 2300        i8042prt - ok

16:51:32.0688 2300        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

16:51:32.0701 2300        iaStorV - ok

16:51:32.0730 2300        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

16:51:32.0762 2300        iirsp - ok

16:51:32.0830 2300        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

16:51:32.0852 2300        intelide - ok

16:51:32.0886 2300        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

16:51:32.0907 2300        intelppm - ok

16:51:33.0035 2300        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:51:33.0094 2300        IpFilterDriver - ok

16:51:33.0127 2300        IpInIp - ok

16:51:33.0479 2300        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

16:51:33.0550 2300        IPMIDRV - ok

16:51:33.0906 2300        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

16:51:33.0929 2300        IPNAT - ok

16:51:34.0285 2300        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

16:51:34.0319 2300        IRENUM - ok

16:51:34.0355 2300        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

16:51:34.0365 2300        isapnp - ok

16:51:34.0459 2300        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

16:51:34.0470 2300        iScsiPrt - ok

16:51:34.0735 2300        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

16:51:34.0776 2300        iteatapi - ok

16:51:34.0913 2300        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

16:51:35.0046 2300        iteraid - ok

16:51:35.0075 2300        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

16:51:35.0084 2300        kbdclass - ok

16:51:35.0146 2300        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

16:51:35.0163 2300        kbdhid - ok

16:51:35.0322 2300        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

16:51:35.0343 2300        KSecDD - ok

16:51:35.0403 2300        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

16:51:35.0425 2300        lltdio - ok

16:51:35.0484 2300        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

16:51:35.0494 2300        LSI_FC - ok

16:51:35.0587 2300        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

16:51:35.0597 2300        LSI_SAS - ok

16:51:35.0651 2300        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

16:51:35.0661 2300        LSI_SCSI - ok

16:51:35.0702 2300        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

16:51:35.0725 2300        luafv - ok

16:51:35.0812 2300        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

16:51:35.0819 2300        MBAMProtector - ok

16:51:35.0906 2300        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

16:51:35.0915 2300        megasas - ok

16:51:35.0958 2300        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

16:51:35.0987 2300        MegaSR - ok

16:51:36.0059 2300        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

16:51:36.0087 2300        Modem - ok

16:51:36.0104 2300        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

16:51:36.0126 2300        monitor - ok

16:51:36.0387 2300        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

16:51:36.0395 2300        mouclass - ok

16:51:36.0785 2300        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

16:51:36.0834 2300        mouhid - ok

16:51:36.0886 2300        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

16:51:36.0894 2300        MountMgr - ok

16:51:36.0917 2300        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

16:51:36.0926 2300        mpio - ok

16:51:36.0954 2300        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

16:51:36.0971 2300        mpsdrv - ok

16:51:36.0991 2300        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

16:51:36.0999 2300        Mraid35x - ok

16:51:37.0068 2300        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

16:51:37.0097 2300        MRxDAV - ok

16:51:37.0252 2300        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:51:37.0280 2300        mrxsmb - ok

16:51:37.0390 2300        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:51:37.0413 2300        mrxsmb10 - ok

16:51:37.0636 2300        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:51:41.0218 2300        mrxsmb20 - ok

16:51:41.0984 2300        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

16:51:41.0992 2300        msahci - ok

16:51:42.0086 2300        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

16:51:42.0127 2300        msdsm - ok

16:51:42.0152 2300        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

16:51:42.0174 2300        Msfs - ok

16:51:42.0197 2300        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

16:51:42.0205 2300        msisadrv - ok

16:51:42.0283 2300        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

16:51:42.0304 2300        MSKSSRV - ok

16:51:42.0355 2300        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

16:51:42.0376 2300        MSPCLOCK - ok

16:51:42.0387 2300        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

16:51:42.0430 2300        MSPQM - ok

16:51:42.0690 2300        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

16:51:42.0723 2300        MsRPC - ok

16:51:43.0279 2300        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

16:51:43.0287 2300        mssmbios - ok

16:51:43.0407 2300        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

16:51:43.0465 2300        MSTEE - ok

16:51:43.0946 2300        MTXPAR          (1171baf750ff1772dd128317bb5de001) C:\Windows\system32\DRIVERS\MTXPARM.sys

16:51:43.0995 2300        MTXPAR ( UnsignedFile.Multi.Generic ) - warning

16:51:43.0995 2300        MTXPAR - detected UnsignedFile.Multi.Generic (1)

16:51:44.0540 2300        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

16:51:44.0580 2300        Mup - ok

16:51:44.0711 2300        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

16:51:44.0751 2300        NativeWifiP - ok

16:51:44.0802 2300        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

16:51:44.0823 2300        NDIS - ok

16:51:44.0859 2300        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

16:51:44.0875 2300        NdisTapi - ok

16:51:44.0892 2300        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

16:51:44.0913 2300        Ndisuio - ok

16:51:44.0969 2300        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

16:51:44.0992 2300        NdisWan - ok

16:51:45.0619 2300        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

16:51:45.0687 2300        NDProxy - ok

16:51:46.0283 2300        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

16:51:46.0321 2300        NetBIOS - ok

16:51:46.0395 2300        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

16:51:46.0416 2300        netbt - ok

16:51:46.0473 2300        netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys

16:51:46.0513 2300        netr73 - ok

16:51:46.0545 2300        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

16:51:46.0554 2300        nfrd960 - ok

16:51:46.0631 2300        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

16:51:46.0653 2300        Npfs - ok

16:51:46.0713 2300        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

16:51:46.0758 2300        nsiproxy - ok

16:51:46.0891 2300        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

16:51:46.0932 2300        Ntfs - ok

16:51:46.0973 2300        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

16:51:47.0013 2300        ntrigdigi - ok

16:51:47.0117 2300        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

16:51:47.0142 2300        Null - ok

16:51:47.0292 2300        NVENETFD        (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys

16:51:47.0347 2300        NVENETFD - ok

16:51:47.0555 2300        nvlddmkm        (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:51:47.0698 2300        nvlddmkm - ok

16:51:47.0835 2300        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

16:51:47.0847 2300        nvraid - ok

16:51:47.0886 2300        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

16:51:47.0896 2300        nvstor - ok

16:51:47.0936 2300        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

16:51:47.0948 2300        nv_agp - ok

16:51:48.0247 2300        NwlnkFlt - ok

16:51:48.0784 2300        NwlnkFwd - ok

16:51:48.0900 2300        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

16:51:48.0938 2300        ohci1394 - ok

16:51:49.0006 2300        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

16:51:49.0046 2300        Parport - ok

16:51:49.0113 2300        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

16:51:49.0145 2300        partmgr - ok

16:51:49.0187 2300        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

16:51:49.0249 2300        Parvdm - ok

16:51:49.0746 2300        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

16:51:49.0778 2300        pci - ok

16:51:49.0910 2300        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

16:51:49.0918 2300        pciide - ok

16:51:50.0208 2300        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

16:51:50.0219 2300        pcmcia - ok

16:51:50.0304 2300        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

16:51:50.0361 2300        PEAUTH - ok

16:51:51.0159 2300        Ph3xIB32        (514fadd940a5ee06d6caa5cd0f6725d6) C:\Windows\system32\DRIVERS\Ph3xIB32.sys

16:51:51.0248 2300        Ph3xIB32 - ok

16:51:51.0406 2300        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

16:51:51.0467 2300        PptpMiniport - ok

16:51:51.0484 2300        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

16:51:51.0506 2300        Processor - ok

16:51:51.0599 2300        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

16:51:51.0616 2300        PSched - ok

16:51:51.0791 2300        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

16:51:51.0829 2300        ql2300 - ok

16:51:51.0866 2300        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

16:51:51.0889 2300        ql40xx - ok

16:51:51.0979 2300        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

16:51:51.0990 2300        QWAVEdrv - ok

16:51:52.0017 2300        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

16:51:52.0038 2300        RasAcd - ok

16:51:52.0052 2300        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:51:52.0081 2300        Rasl2tp - ok

16:51:52.0147 2300        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

16:51:52.0165 2300        RasPppoe - ok

16:51:52.0293 2300        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

16:51:52.0314 2300        RasSstp - ok

16:51:52.0395 2300        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

16:51:52.0416 2300        rdbss - ok

16:51:52.0444 2300        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:51:52.0466 2300        RDPCDD - ok

16:51:52.0632 2300        rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

16:51:52.0659 2300        rdpdr - ok

16:51:52.0688 2300        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

16:51:52.0709 2300        RDPENCDD - ok

16:51:52.0889 2300        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

16:51:52.0942 2300        RDPWD - ok

16:51:53.0034 2300        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

16:51:53.0056 2300        rspndr - ok

16:51:53.0152 2300        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

16:51:53.0175 2300        sbp2port - ok

16:51:53.0209 2300        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:51:53.0247 2300        secdrv - ok

16:51:53.0281 2300        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

16:51:53.0319 2300        Serenum - ok

16:51:53.0361 2300        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

16:51:53.0416 2300        Serial - ok

16:51:53.0542 2300        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

16:51:53.0612 2300        sermouse - ok

16:51:53.0664 2300        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

16:51:53.0699 2300        sffdisk - ok

16:51:53.0780 2300        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

16:51:53.0801 2300        sffp_mmc - ok

16:51:53.0838 2300        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

16:51:53.0868 2300        sffp_sd - ok

16:51:53.0888 2300        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

16:51:53.0928 2300        sfloppy - ok

16:51:53.0972 2300        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

16:51:53.0982 2300        sisagp - ok

16:51:54.0059 2300        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

16:51:54.0067 2300        SiSRaid2 - ok

16:51:54.0096 2300        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

16:51:54.0106 2300        SiSRaid4 - ok

16:51:54.0189 2300        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

16:51:54.0214 2300        Smb - ok

16:51:54.0419 2300        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

16:51:54.0427 2300        spldr - ok

16:51:55.0003 2300        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

16:51:55.0031 2300        srv - ok

16:51:55.0183 2300        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

16:51:55.0204 2300        srv2 - ok

16:51:55.0250 2300        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

16:51:55.0273 2300        srvnet - ok

16:51:55.0314 2300        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

16:51:55.0322 2300        ssmdrv - ok

16:51:55.0430 2300        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

16:51:55.0438 2300        swenum - ok

16:51:55.0622 2300        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

16:51:55.0631 2300        Symc8xx - ok

16:51:55.0756 2300        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

16:51:55.0779 2300        Sym_hi - ok

16:51:55.0828 2300        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

16:51:55.0837 2300        Sym_u3 - ok

16:51:56.0022 2300        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

16:51:56.0053 2300        Tcpip - ok

16:51:56.0131 2300        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

16:51:56.0157 2300        Tcpip6 - ok

16:51:56.0240 2300        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

16:51:56.0260 2300        tcpipreg - ok

16:51:56.0301 2300        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

16:51:56.0322 2300        TDPIPE - ok

16:51:56.0353 2300        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

16:51:56.0387 2300        TDTCP - ok

16:51:56.0462 2300        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

16:51:56.0493 2300        tdx - ok

16:51:56.0616 2300        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

16:51:56.0625 2300        TermDD - ok

16:51:56.0781 2300        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:51:56.0825 2300        tssecsrv - ok

16:51:56.0871 2300        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

16:51:56.0888 2300        tunmp - ok

16:51:56.0963 2300        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

16:51:57.0000 2300        tunnel - ok

16:51:57.0032 2300        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

16:51:57.0055 2300        uagp35 - ok

16:51:57.0185 2300        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

16:51:57.0206 2300        udfs - ok

16:51:57.0235 2300        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

16:51:57.0265 2300        uliagpkx - ok

16:51:57.0446 2300        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

16:51:57.0459 2300        uliahci - ok

16:51:57.0511 2300        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

16:51:57.0521 2300        UlSata - ok

16:51:57.0651 2300        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

16:51:57.0661 2300        ulsata2 - ok

16:51:57.0676 2300        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

16:51:57.0721 2300        umbus - ok

16:51:57.0841 2300        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

16:51:57.0879 2300        usbaudio - ok

16:51:57.0958 2300        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

16:51:57.0975 2300        usbccgp - ok

16:51:58.0005 2300        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys

16:51:58.0027 2300        usbcir - ok

16:51:58.0099 2300        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

16:51:58.0136 2300        usbehci - ok

16:51:58.0344 2300        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

16:51:58.0364 2300        usbhub - ok

16:51:58.0448 2300        usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

16:51:58.0493 2300        usbohci - ok

16:51:58.0546 2300        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

16:51:58.0586 2300        usbprint - ok

16:51:58.0626 2300        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

16:51:58.0648 2300        usbscan - ok

16:51:58.0673 2300        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:51:58.0690 2300        USBSTOR - ok

16:51:58.0771 2300        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

16:51:58.0818 2300        usbuhci - ok

16:51:58.0871 2300        VClone          (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys

16:51:58.0900 2300        VClone - ok

16:51:58.0935 2300        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

16:51:58.0978 2300        vga - ok

16:51:58.0992 2300        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

16:51:59.0014 2300        VgaSave - ok

16:51:59.0042 2300        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

16:51:59.0075 2300        viaagp - ok

16:51:59.0218 2300        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

16:51:59.0283 2300        ViaC7 - ok

16:51:59.0629 2300        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

16:51:59.0652 2300        viaide - ok

16:51:59.0763 2300        vncmirror       (efc092b667cbbe3b0a089db902df7ff6) C:\Windows\system32\DRIVERS\vncmirror.sys

16:51:59.0806 2300        vncmirror - ok

16:51:59.0847 2300        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

16:51:59.0860 2300        volmgr - ok

16:51:59.0926 2300        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

16:51:59.0940 2300        volmgrx - ok

16:52:00.0002 2300        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

16:52:00.0015 2300        volsnap - ok

16:52:00.0799 2300        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

16:52:00.0838 2300        vsmraid - ok

16:52:00.0904 2300        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

16:52:00.0942 2300        WacomPen - ok

16:52:00.0962 2300        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

16:52:01.0002 2300        Wanarp - ok

16:52:01.0006 2300        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

16:52:01.0023 2300        Wanarpv6 - ok

16:52:01.0110 2300        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

16:52:01.0118 2300        Wd - ok

16:52:01.0143 2300        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

16:52:01.0164 2300        Wdf01000 - ok

16:52:01.0275 2300        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

16:52:01.0324 2300        WmiAcpi - ok

16:52:01.0443 2300        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

16:52:01.0496 2300        WpdUsb - ok

16:52:01.0542 2300        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

16:52:01.0604 2300        ws2ifsl - ok

16:52:01.0653 2300        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:52:01.0685 2300        WUDFRd - ok

16:52:01.0711 2300        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

16:52:03.0794 2300        \Device\Harddisk0\DR0 - ok

16:52:03.0845 2300        Boot (0x1200)   (29c67c2b976e00795037b915e7320e33) \Device\Harddisk0\DR0\Partition0

16:52:03.0874 2300        \Device\Harddisk0\DR0\Partition0 - ok

16:52:03.0946 2300        Boot (0x1200)   (b0a0a90b9d885581915bfdef59d9eec8) \Device\Harddisk0\DR0\Partition1

16:52:04.0083 2300        \Device\Harddisk0\DR0\Partition1 - ok

16:52:04.0084 2300        ============================================================

16:52:04.0084 2300        Scan finished

16:52:04.0084 2300        ============================================================

16:52:04.0097 2592        Detected object count: 1

16:52:04.0097 2592        Actual detected object count: 1

16:52:11.0285 2592        MTXPAR ( UnsignedFile.Multi.Generic ) - skipped by user

16:52:11.0285 2592        MTXPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-02-29.01 - OWNER 29.02.2012  12:13:28.1.2 - x86

Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3070.1870 [GMT 1:00]

Running from: c:\users\OWNER\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\StartSearch plugin

c:\program files\StartSearch plugin\IEhelperActiveX.dll

c:\program files\StartSearch plugin\uninst.exe

c:\program files\StartSearch plugin\vShareBar.dll

c:\program files\StartSearch plugin\vshareplg.crx

c:\windows\XSxS

.

.

(((((((((((((((((((((((((   Files Created from 2012-01-28 to 2012-02-29  )))))))))))))))))))))))))))))))

.

.

2012-02-29 11:19 . 2012-02-29 11:19        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-29 00:37 . 2012-02-29 00:37        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF16A7BF-1466-465E-952F-752A3BAEE7A1}\offreg.dll

2012-02-28 15:47 . 2012-02-28 15:47        --------        d-----w-        C:\TDSSKiller_Quarantine

2012-02-28 12:09 . 2012-02-28 12:09        --------        d-----w-        C:\_OTL

2012-02-28 08:11 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF16A7BF-1466-465E-952F-752A3BAEE7A1}\mpengine.dll

2012-02-27 12:14 . 2012-02-27 12:14        --------        d-----w-        c:\program files\ESET

2012-02-27 09:08 . 2012-02-27 09:08        --------        d-----w-        c:\users\OWNER\AppData\Roaming\Malwarebytes

2012-02-27 09:08 . 2012-02-27 09:08        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-27 09:08 . 2012-02-27 09:08        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-02-27 09:08 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-27 07:03 . 2012-02-27 07:03        19416        ----a-w-        c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-02-27 07:03 . 2012-02-27 07:03        2106216        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-02-27 07:03 . 2012-02-27 07:03        134104        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-02-27 07:03 . 2012-02-27 07:03        125912        ----a-w-        c:\program files\Mozilla Firefox\crashreporter.exe

2012-02-27 07:03 . 2012-02-27 07:03        1998168        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_43.dll

2012-02-20 16:58 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll

2012-02-20 08:43 . 2012-02-28 12:09        --------        d-----w-        c:\program files\Spybot - Search & Destroy

2012-02-20 08:43 . 2012-02-20 09:05        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2012-02-20 08:42 . 2012-02-20 08:42        --------        d-----w-        c:\users\OWNER\AppData\Roaming\Avira

2012-02-20 08:40 . 2012-02-20 08:47        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-02-20 08:40 . 2011-10-11 14:06        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-02-20 08:40 . 2012-02-20 08:40        --------        d-----w-        c:\programdata\Avira

2012-02-20 08:40 . 2012-02-20 08:40        --------        d-----w-        c:\program files\Avira

2012-02-20 08:07 . 2012-02-20 08:07        --------        d-----w-        c:\program files\Windows Portable Devices

2012-02-19 23:00 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll

2012-02-19 23:00 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll

2012-02-19 23:00 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll

2012-02-19 20:08 . 2011-10-27 08:01        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-02-19 20:08 . 2011-10-27 08:01        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-02-19 20:08 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll

2012-02-19 20:08 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll

2012-02-19 20:05 . 2011-10-14 16:02        429056        ----a-w-        c:\windows\system32\EncDec.dll

2012-02-19 20:03 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll

2012-02-19 20:03 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-19 19:58 . 2011-09-20 21:02        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-02-19 19:58 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys

2012-02-19 19:54 . 2011-10-25 15:56        49152        ----a-w-        c:\windows\system32\csrsrv.dll

2012-02-19 19:54 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll

2012-02-19 19:54 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll

2012-02-19 19:49 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-02-19 19:49 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll

2012-02-19 19:49 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll

2012-02-19 19:49 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll

2012-02-19 19:49 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll

2012-02-19 19:49 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe

2012-02-19 19:49 . 2011-11-08 14:42        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-02-19 19:49 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2012-02-19 19:48 . 2011-08-25 16:15        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll

2012-02-19 19:48 . 2011-08-25 16:14        563712        ----a-w-        c:\windows\system32\oleaut32.dll

2012-02-19 19:48 . 2011-08-25 16:14        238080        ----a-w-        c:\windows\system32\oleacc.dll

2012-02-19 19:48 . 2011-08-25 13:31        4096        ----a-w-        c:\windows\system32\oleaccrc.dll

2012-02-19 19:48 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll

2012-02-19 19:41 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll

2012-02-19 14:00 . 2012-02-19 14:01        --------        d-----w-        c:\windows\system32\ca-ES

2012-02-19 14:00 . 2012-02-19 14:01        --------        d-----w-        c:\windows\system32\eu-ES

2012-02-19 14:00 . 2012-02-19 14:01        --------        d-----w-        c:\windows\system32\vi-VN

2012-02-19 12:22 . 2012-02-19 12:22        --------        d-----w-        c:\windows\system32\EventProviders

2012-02-19 12:15 . 2012-02-19 12:14        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2012-02-19 12:15 . 2012-02-19 12:14        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-02-19 12:14 . 2012-02-19 12:14        --------        d-----w-        c:\program files\Java

2012-02-13 19:23 . 2012-02-18 15:34        --------        d-----w-        c:\users\OWNER\AppData\Roaming\Izva

2012-02-13 19:23 . 2012-02-16 07:39        --------        d-----w-        c:\users\OWNER\AppData\Roaming\Upsyc

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-29 04:10 . 2009-10-03 09:52        237072        ------w-        c:\windows\system32\MpSigStub.exe

2011-12-09 09:36 . 2011-12-09 09:36        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 07:03 . 2012-02-27 07:03        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2005-09-23 163840]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]

"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-08-04 36864]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 49122395

*Deregistered* - 49122395

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:39]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:39]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job

- c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 06:10]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job

- c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 06:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 213.132.63.25 80.227.2.4

TCP: Interfaces\{C095790D-7D25-4D96-A430-09ACA1D03712}: NameServer = 208.67.222.222 208.67.220.220

FF - ProfilePath - c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml

AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-29 12:19

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-02-29  12:23:28

ComboFix-quarantined-files.txt  2012-02-29 11:23

.

Pre-Run: 402.099.834.880 bytes free

Post-Run: 402.031.480.832 bytes free

.

- - End Of File - - B15C98F13CD1FF3B144E654F3C213739

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-03-01 10:55:06

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 Hitachi_ rev.GM4O

Running: qn01pe4n.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kxndruod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT     8B028C3E                                                                                                                                                                                         ZwCreateSection

SSDT     8B028C16                                                                                                                                                                                         ZwCreateSymbolicLinkObject

SSDT     8B028C1B                                                                                                                                                                                         ZwLoadDriver

SSDT     8B028C11                                                                                                                                                                                         ZwOpenSection

SSDT     8B028C48                                                                                                                                                                                         ZwRequestWaitReplyPort

SSDT     8B028C43                                                                                                                                                                                         ZwSetContextThread

SSDT     8B028C4D                                                                                                                                                                                         ZwSetSecurityObject

SSDT     8B028C20                                                                                                                                                                                         ZwSetSystemInformation

SSDT     8B028C52                                                                                                                                                                                         ZwSystemDebugControl

SSDT     8B028BDF                                                                                                                                                                                         ZwTerminateProcess

SSDT     8B028BDA                                                                                                                                                                                         ZwWriteVirtualMemory
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text    ntkrnlpa.exe!KeSetEvent + 215                                                                                                                                                                    820FB998 4 Bytes  [3E, 8C, 02, 8B]

.text    ntkrnlpa.exe!KeSetEvent + 21D                                                                                                                                                                    820FB9A0 4 Bytes  [16, 8C, 02, 8B]

.text    ntkrnlpa.exe!KeSetEvent + 37D                                                                                                                                                                    820FBB00 4 Bytes  [1B, 8C, 02, 8B]

.text    ntkrnlpa.exe!KeSetEvent + 3FD                                                                                                                                                                    820FBB80 4 Bytes  [11, 8C, 02, 8B]

.text    ntkrnlpa.exe!KeSetEvent + 539                                                                                                                                                                    820FBCBC 4 Bytes  [48, 8C, 02, 8B]

.text    ...                                                                                                                                                                                              
 

---- User code sections - GMER 1.0.15 ----
 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!LdrLoadDll                                                                                                                                   77279378 5 Bytes  JMP 00832D30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!LdrShutdownThread                                                                                                                            77291D42 5 Bytes  JMP 008524F0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!LdrGetDllHandle                                                                                                                              77295717 5 Bytes  JMP 00850C20 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtAllocateVirtualMemory                                                                                                                      772B3FA4 5 Bytes  JMP 008268F0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtAreMappedFilesTheSame                                                                                                                      772B4114 5 Bytes  JMP 00827E60 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCancelIoFile                                                                                                                               772B4154 5 Bytes  JMP 00832C80 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtClose                                                                                                                                      772B4184 5 Bytes  JMP 0082F940 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCompactKeys                                                                                                                                772B41A4 5 Bytes  JMP 0082DE20 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCompressKey                                                                                                                                772B41D4 5 Bytes  JMP 0082DD70 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateEvent                                                                                                                                772B4224 5 Bytes  JMP 0082ED10 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateFile                                                                                                                                 772B4244 5 Bytes  JMP 00832B20 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateKey                                                                                                                                  772B4284 5 Bytes  JMP 0082DC60 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateMailslotFile                                                                                                                         772B42A4 5 Bytes  JMP 00832A10 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateMutant                                                                                                                               772B42B4 5 Bytes  JMP 0082F160 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateNamedPipeFile                                                                                                                        772B42C4 5 Bytes  JMP 008328E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreatePagingFile                                                                                                                           772B42E4 5 Bytes  JMP 00832820 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateProcess                                                                                                                              772B4304 5 Bytes  JMP 00850A50 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateProcessEx                                                                                                                            772B4314 5 Bytes  JMP 00850970 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateSection                                                                                                                              772B4334 5 Bytes  JMP 00828480 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateSemaphore                                                                                                                            772B4344 5 Bytes  JMP 0082EE80 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateThread                                                                                                                               772B4364 5 Bytes  JMP 008507C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeleteFile                                                                                                                                 772B4624 5 Bytes  JMP 00832750 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeleteKey                                                                                                                                  772B4634 5 Bytes  JMP 0082DB90 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeleteValueKey                                                                                                                             772B4664 5 Bytes  JMP 0082DAD0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeviceIoControlFile                                                                                                                        772B4674 5 Bytes  JMP 00832670 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDuplicateObject                                                                                                                            772B4694 5 Bytes  JMP 0082F870 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtEnumerateKey                                                                                                                               772B46D4 5 Bytes  JMP 0082DA00 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtEnumerateValueKey                                                                                                                          772B4704 5 Bytes  JMP 0082D930 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtExtendSection                                                                                                                              772B4714 5 Bytes  JMP 008283B0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtFlushBuffersFile                                                                                                                           772B4744 5 Bytes  JMP 008325C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtFlushKey                                                                                                                                   772B4764 5 Bytes  JMP 0082D880 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtFsControlFile                                                                                                                              772B47E4 5 Bytes  JMP 008324E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLoadKey                                                                                                                                    772B48E4 5 Bytes  JMP 0082D7D0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLoadKey2                                                                                                                                   772B48F4 5 Bytes  JMP 0082D710 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLoadKeyEx                                                                                                                                  772B4904 5 Bytes  JMP 0082D650 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLockFile                                                                                                                                   772B4914 5 Bytes  JMP 008323D0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLockRegistryKey                                                                                                                            772B4934 5 Bytes  JMP 0082D5A0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtMakeTemporaryObject                                                                                                                        772B4964 5 Bytes  JMP 0082F7C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtMapViewOfSection                                                                                                                           772B4994 5 Bytes  JMP 008282A0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtNotifyChangeDirectoryFile                                                                                                                  772B49C4 5 Bytes  JMP 008322F0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtNotifyChangeKey                                                                                                                            772B49D4 5 Bytes  JMP 0082D4C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                   772B49E4 5 Bytes  JMP 0082D3E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenEvent                                                                                                                                  772B4A04 5 Bytes  JMP 0082EF80 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenFile                                                                                                                                   772B4A24 5 Bytes  JMP 00832000 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenKey                                                                                                                                    772B4A54 5 Bytes  JMP 0082D300 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenMutant                                                                                                                                 772B4A74 5 Bytes  JMP 0082F070 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenProcess                                                                                                                                772B4AA4 5 Bytes  JMP 00850B30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenSection                                                                                                                                772B4AD4 5 Bytes  JMP 008281B0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenSemaphore                                                                                                                              772B4AE4 5 Bytes  JMP 0082ED90 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryAttributesFile                                                                                                                        772B4BC4 5 Bytes  JMP 00831F30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryDirectoryFile                                                                                                                         772B4C24 5 Bytes  JMP 00831E40 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryEaFile                                                                                                                                772B4C54 5 Bytes  JMP 00831D60 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryFullAttributesFile                                                                                                                    772B4C74 5 Bytes  JMP 00831C90 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryInformationFile                                                                                                                       772B4C94 5 Bytes  JMP 00831BC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryKey                                                                                                                                   772B4D24 5 Bytes  JMP 0082D150 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryMultipleValueKey                                                                                                                      772B4D34 5 Bytes  JMP 0082D070 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryObject                                                                                                                                772B4D54 5 Bytes  JMP 0082F6E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryOpenSubKeys                                                                                                                           772B4D64 5 Bytes  JMP 0082CFC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryOpenSubKeysEx                                                                                                                         772B4D74 5 Bytes  JMP 0082CF00 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryQuotaInformationFile                                                                                                                  772B4D94 5 Bytes  JMP 008312E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQuerySection                                                                                                                               772B4DA4 5 Bytes  JMP 008280D0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQuerySecurityObject                                                                                                                        772B4DB4 5 Bytes  JMP 0082F310 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryValueKey                                                                                                                              772B4E44 5 Bytes  JMP 0082CE30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryVirtualMemory                                                                                                                         772B4E54 5 Bytes  JMP 00827F20 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryVolumeInformationFile                                                                                                                 772B4E64 5 Bytes  JMP 00831AF0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtReadFile                                                                                                                                   772B4EA4 5 Bytes  JMP 00831A00 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtReadFileScatter                                                                                                                            772B4EB4 5 Bytes  JMP 00831910 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtRenameKey                                                                                                                                  772B4F34 5 Bytes  JMP 0082CD70 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtReplaceKey                                                                                                                                 772B4F44 5 Bytes  JMP 0082CCB0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtRestoreKey                                                                                                                                 772B5004 5 Bytes  JMP 0082CBF0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSaveKey                                                                                                                                    772B5034 5 Bytes  JMP 0082CB40 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSaveKeyEx                                                                                                                                  772B5044 5 Bytes  JMP 0082CA80 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSaveMergedKeys                                                                                                                             772B5054 5 Bytes  JMP 0082C9C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetEaFile                                                                                                                                  772B50F4 5 Bytes  JMP 00831850 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationFile                                                                                                                         772B5154 5 Bytes  JMP 00831780 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationKey                                                                                                                          772B5174 5 Bytes  JMP 0082C900 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationObject                                                                                                                       772B5184 5 Bytes  JMP 0082F620 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationProcess                                                                                                                      772B5194 5 Bytes  JMP 00850700 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetQuotaInformationFile                                                                                                                    772B5214 5 Bytes  JMP 00831220 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetSecurityObject                                                                                                                          772B5224 5 Bytes  JMP 0082F250 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetValueKey                                                                                                                                772B52C4 5 Bytes  JMP 0082C820 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetVolumeInformationFile                                                                                                                   772B52D4 5 Bytes  JMP 008316B0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSignalAndWaitForSingleObject                                                                                                               772B52F4 5 Bytes  JMP 0082F530 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtTerminateProcess                                                                                                                           772B5364 5 Bytes  JMP 00852430 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtTranslateFilePath                                                                                                                          772B53D4 5 Bytes  JMP 00831160 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnloadKey                                                                                                                                  772B53F4 5 Bytes  JMP 0082C770 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnloadKey2                                                                                                                                 772B5404 5 Bytes  JMP 0082C6B0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnloadKeyEx                                                                                                                                772B5414 5 Bytes  JMP 0082C5F0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnlockFile                                                                                                                                 772B5424 5 Bytes  JMP 008315C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnmapViewOfSection                                                                                                                         772B5444 5 Bytes  JMP 00827FF0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWaitForMultipleObjects                                                                                                                     772B5474 5 Bytes  JMP 0082F3E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWaitForSingleObject                                                                                                                        772B5484 5 Bytes  JMP 0082EAE0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWriteFile                                                                                                                                  772B54B4 5 Bytes  JMP 008314C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWriteFileGather                                                                                                                            772B54C4 5 Bytes  JMP 008313C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateUserProcess                                                                                                                          772B5674 5 Bytes  JMP 00850890 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!KiUserCallbackDispatcher                                                                                                                     772B5BE0 5 Bytes  JMP 00827260 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!SetConsoleTitleW                                                                                                                          75E0CC8A 5 Bytes  JMP 00851D50 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!QueryActCtxW                                                                                                                              75E0E185 5 Bytes  JMP 00845B30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!CreateActCtxW                                                                                                                             75E1C7B9 5 Bytes  JMP 008458C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!CreateProcessInternalW                                                                                                                    75E25477 5 Bytes  JMP 00852260 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetCommandLineW                                                                                                                           75E29D20 5 Bytes  JMP 00850680 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetConsoleTitleW                                                                                                                          75E2E0E9 5 Bytes  JMP 00851B70 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetCommandLineA                                                                                                                           75E43E8B 5 Bytes  JMP 008505E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!ExitProcess                                                                                                                               75E443F4 5 Bytes  JMP 00852400 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!CreateRemoteThread                                                                                                                        75E4CB55 5 Bytes  JMP 00852720 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!SetConsoleTitleA                                                                                                                          75EA6CDD 5 Bytes  JMP 00851E10 

.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetConsoleTitleA                                                                                                                          75EA6E93 5 Bytes  JMP 00851C50 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceCtrlDispatcherA                                                                                                               759E2036 5 Bytes  JMP 0084B560 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerA                                                                                                               759E308C 5 Bytes  JMP 0084BB10 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerExA                                                                                                             759E6678 5 Bytes  JMP 0084B970 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceA                                                                                                                             759EA24D 5 Bytes  JMP 0084B380 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceCtrlDispatcherW                                                                                                               759EE495 5 Bytes  JMP 0084B450 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerW                                                                                                               759EE988 5 Bytes  JMP 0084BA40 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!SetServiceStatus                                                                                                                          759EF20C 5 Bytes  JMP 0084B670 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerExW                                                                                                             759EFB59 5 Bytes  JMP 0084B8A0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenSCManagerA                                                                                                                            75A02D93 5 Bytes  JMP 0084C3F0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenServiceA                                                                                                                              75A02EBD 5 Bytes  JMP 0084C270 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceW                                                                                                                             75A03E0B 5 Bytes  JMP 0084B2B0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceStatusEx                                                                                                                      75A04FFE 5 Bytes  JMP 0084BBE0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfigW                                                                                                                       75A050A4 5 Bytes  JMP 0084BFF0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfigA                                                                                                                       75A051AD 5 Bytes  JMP 0084C0C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenSCManagerW                                                                                                                            75A07137 5 Bytes  JMP 0084C360 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!CloseServiceHandle                                                                                                                        75A082A5 5 Bytes  JMP 0084D100 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenServiceW                                                                                                                              75A08354 5 Bytes  JMP 0084C190 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceStatus                                                                                                                        75A0842C 5 Bytes  JMP 0084BCC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!CreateServiceW                                                                                                                            75A29EB4 5 Bytes  JMP 0084CCD0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!ControlService                                                                                                                            75A29FB8 5 Bytes  JMP 0084D030 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!DeleteService                                                                                                                             75A2A07E 5 Bytes  JMP 0084CC40 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceDisplayNameW                                                                                                                    75A2B0B3 5 Bytes  JMP 0084C480 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceKeyNameW                                                                                                                        75A2B164 5 Bytes  JMP 0084C620 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusExA                                                                                                                     75A2B31B 5 Bytes  JMP 0084C870 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusExW                                                                                                                     75A66909 5 Bytes  JMP 0084C7C0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!SetServiceBits                                                                                                                            75A66B11 5 Bytes  JMP 0084B7D0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusA                                                                                                                       75A66B47 5 Bytes  JMP 0084C9D0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceObjectSecurity                                                                                                                75A66C21 5 Bytes  JMP 0084BD90 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!SetServiceObjectSecurity                                                                                                                  75A66CD9 5 Bytes  JMP 0084B740 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!ChangeServiceConfigA                                                                                                                      75A66DD9 5 Bytes  JMP 0084CF40 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!ChangeServiceConfigW                                                                                                                      75A66F81 5 Bytes  JMP 0084CE50 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!CreateServiceA                                                                                                                            75A672A1 5 Bytes  JMP 0084CD90 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumDependentServicesA                                                                                                                    75A67505 5 Bytes  JMP 0084CB60 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumDependentServicesW                                                                                                                    75A675D9 5 Bytes  JMP 0084CA80 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceDisplayNameA                                                                                                                    75A676B1 5 Bytes  JMP 0084C550 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceKeyNameA                                                                                                                        75A67759 5 Bytes  JMP 0084C6F0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfig2A                                                                                                                      75A67891 5 Bytes  JMP 0084BF10 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfig2W                                                                                                                      75A67A19 5 Bytes  JMP 0084BE30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusW                                                                                                                       75A67F61 5 Bytes  JMP 0084C920 

.text    c:\blp\API\office tools\bxlartd.exe[6132] GDI32.dll!GdiAddFontResourceW                                                                                                                          773DD4BF 5 Bytes  JMP 00850F70 

.text    c:\blp\API\office tools\bxlartd.exe[6132] GDI32.dll!RemoveFontResourceExW                                                                                                                        773FCCDC 5 Bytes  JMP 00850D30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowsHookExA                                                                                                                           76186322 5 Bytes  JMP 00853980 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowsHookExW                                                                                                                           761887AD 5 Bytes  JMP 00853850 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowA                                                                                                                                 76189D76 5 Bytes  JMP 00854050 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!GetWindowTextA                                                                                                                              7618F63C 5 Bytes  JMP 00853BC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowExA                                                                                                                               7618F6C1 5 Bytes  JMP 00853F30 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!GetWindowTextW                                                                                                                              76192069 5 Bytes  JMP 00853AB0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowTextW                                                                                                                              76199815 5 Bytes  JMP 00853CE0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowW                                                                                                                                 7619A441 5 Bytes  JMP 00853FC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowTextA                                                                                                                              761AA4E6 5 Bytes  JMP 00853DB0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowExW                                                                                                                               761B260C 5 Bytes  JMP 00853EA0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoResumeClassObjects + 7                                                                                                                     76342C12 5 Bytes  JMP 00840DC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoRegisterClassObject                                                                                                                        76347DBE 5 Bytes  JMP 00840EC0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoGetClassObject                                                                                                                             7636FAE8 5 Bytes  JMP 00841020 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoRevokeClassObject                                                                                                                          7637B109 5 Bytes  JMP 00840E20 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoCreateInstance                                                                                                                             76389F3E 5 Bytes  JMP 008411A0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoCreateInstanceEx                                                                                                                           76389F81 5 Bytes  JMP 008410E0 

.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoGetInstanceFromFile                                                                                                                        763DC595 5 Bytes  JMP 008414D0 
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                                                            [73D97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                                                             [73DEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                                                         [73D9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                                                   [73D8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                                                             [73D975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                                                          [73D8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                                                              [73DC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                                                                 [73D9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                                                         [73D8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                                                          [73D8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                                                           [73D871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                                                                   [73E1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                                                                      [73DBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                                                         [73D8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                                                   [73D86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                                                  [73D8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                                                     [73D92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----
 

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\415f12bc5874cee471c12d31d41812bf\mscorlib.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]                          0x638D0000                                                                                                                                                           

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ece12e1b68509d8489de783ace3d21b1\System.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]                              0x63140000                                                                                                                                                           

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eecd056989bb157d03094acde93890e2\System.Configuration.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]  0x64DD0000                                                                                                                                                           

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b48bb64ff5b083c6afb5ecd439235077\System.Xml.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]                      0x62C00000                                                                                                                                                           

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f728d300a977f19baf982b0e84df806\System.Drawing.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]              0x64C40000                                                                                                                                                           

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\0d1cc1d6b56d6c15bdc56cfb1d3a345b\System.Messaging.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]          0x67250000                                                                                                                                                           

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\c455910808f8d8165d4c9127c1ff8735\System.Data.SqlXml.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]      0x64760000                                                                                                                                                           
 

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 10:59:18 on 01.03.2012
 

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 10.0.2
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ATCPanel.cpl" - "AuthenTec, Inc." - C:\Windows\system32\ATCPanel.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\OWNER\AppData\Local\Temp\catchme.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys

"hoplfb" (hoplfb) - ? - C:\Windows\System32\drivers\jxle.sys  (File not found)

"HPFXBULK" (HPFXBULK) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxbulk.sys

"HPFXFAX" (HPFXFAX) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxfax.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"kxndruod" (kxndruod) - ? - C:\Users\OWNER\AppData\Local\Temp\kxndruod.sys  (Hidden registry entry, rootkit activity | File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"MTXPAR" (MTXPAR) - "Matrox Graphics Inc." - C:\Windows\System32\DRIVERS\MTXPARM.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"Google Quick Search Box" - "Google Inc." - "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun

"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"HPUsageTracking" - ? - "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"Matrox PowerDesk SE" - "Matrox Graphics Inc." - "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"

"ToolBoxFX" - "HP" - "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll

"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Avira Mail Protection" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Avira Web Protection" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"MtxDrvService" (MtxDrvService) - ? - C:\Windows\system32\MtxDrvService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

"VNC Server Version 4" (WinVNC4) - "RealVNC Ltd." - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-03-01 11:03:27

-----------------------------

11:03:27.257    OS Version: Windows 6.0.6002 Service Pack 2

11:03:27.257    Number of processors: 2 586 0x6B02

11:03:27.260    ComputerName: TOBIASROLLEHOME  UserName: OWNER

11:03:29.544    Initialize success

11:04:14.501    AVAST engine defs: 12030100

11:04:18.240    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058

11:04:18.244    Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 8

11:04:18.776    Disk 0 MBR read successfully

11:04:18.780    Disk 0 MBR scan

11:04:18.787    Disk 0 Windows VISTA default MBR code

11:04:18.945    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       469203 MB offset 63

11:04:19.040    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         7734 MB offset 960927975

11:04:19.438    Disk 0 scanning sectors +976768065

11:04:19.866    Disk 0 scanning C:\Windows\system32\drivers

11:06:09.480    Service scanning

11:06:37.194    Modules scanning

11:08:22.473    Disk 0 trace - called modules:

11:08:22.551    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys 

11:08:22.885    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85911ac8]

11:08:22.897    3 CLASSPNP.SYS[8a3a08b3] -> nt!IofCallDriver -> [0x85359f08]

11:08:22.907    5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000058[0x85373b88]

11:08:23.961    AVAST engine scan C:\Windows

11:08:44.985    AVAST engine scan C:\Windows\system32

11:13:39.335    AVAST engine scan C:\Windows\system32\drivers

11:13:56.801    AVAST engine scan C:\Users\OWNER

11:21:34.161    Disk 0 MBR has been saved successfully to "C:\Users\OWNER\Documents\MBR.dat"

11:21:34.175    The log file has been saved successfully to "C:\Users\OWNER\Documents\aswMBR.txt"

Gerade eben wurde eine Mail von meiner Email an meine Email gesendet mit Spam Inhalt (Viagra etc)
Ich vermute da läuft irgendwas richtig falsch.

Was denkst du dazu? Absender sitzt in Pakistan

Code:

From meineemail@yahoo.de Thu Mar  1 12:15:01 2012

X-Apparently-To: meineemail@yahoo.de via 77.238.189.171; Thu, 01 Mar 2012 12:15:01 +0000

Return-Path: <meineemail@yahoo.de>

X-YahooFilteredBulk: 182.179.110.94

Received-SPF: none (domain of yahoo.de does not designate permitted sender hosts)

X-YMailISG: TeYHagIWLDvTqCQVCEatlIyEu0SGzD2K4Ux6mBNv0NOWq18d

 e2trlcMzAOCWXTIwSmt5k529soM7ZsHEQ3JP44U7nBv1MC3EcVak7wYqwcxQ

 mPvhN72e.97DT_JLcYb.6Ay22dBAfGML_nrJGAjtWt8X44hwS.ck9bz_o1Xl

 gX2R_DS.mRK45Cv3eNupgRz.jQ64HMzOQdhUL6RrVZm3eIumnyUXhbJcrLmH

 Oi_neSopER2EIzvDECpCYzjZywSYHJN4TYrN9So3auhh4QDWiOoi3e_cFoEN

 LwUF2SeUAbY5og3U1.owecBdkq2DTVf8yo6RVLR6OFjZgIr.W4EitBU5ciPW

 l6XVFPyhlNGCW7oWs7sXac6flm6kx0A3lj_zKxcQz5teNiDUSuJiSMchOyOF

 cJl5bBjPw9pBw35c1yjkfg9RxQDxCInlu8XXrqZvszSTKV4HRzvUj0Mcm5Ub

 aidD_PZsjR0PCoGEU4.9aEN6x1xE_nKMX7f1XiUcCsD2jWdf4f.IwBjR7fq4

 p8NBkSGhEWljUwCPwFnGE_93xG_GG6vRyudLKiCO9P44cYEVMX1cvINI9rhf

 VmZNfm9E.z0fzvmOZa2FtnMLepKl1dxlTw6XhdEkJxGJY12ki5wR6dJdUBb8

 Qyia1HECt8Ucmn1r6M18eMYXIf0M9oG_ioI_p28FVuuYLL5AMsghm0NXvm66

 55EiRzyManbuTc3pwodLN1r5L5Kixs3404l58KTjMKPXzV73piURUs8fmw7X

 j3S_BSgiOrsvHEpAwKup8YI8fS9WndNjjY3t_f5WXYrwlBB0illJfa3ZZid7

 Sj42hLkHq2LMzyARDps3648oUG6DEUkwaXo537E8XKYLWl4jeWffwYJzYDn2

 0gCBiaY7bfxQGEzDMA_pGs039AiRuqQDESeRndRKyG.dUUiwEQ--

X-Originating-IP: [182.179.110.94]

Authentication-Results: mta1011.mail.ird.yahoo.com  from=yahoo.de; domainkeys=neutral (no sig);  from=yahoo.de; dkim=neutral (no sig)

Received: from 127.0.0.1  (HELO nj) (182.179.110.94)

  by mta1011.mail.ird.yahoo.com with SMTP; Thu, 01 Mar 2012 12:15:01 +0000

To: <meineemail@yahoo.de>

Subject: meineemail@yahoo.de Pf|zer Discount ID162501

From: <meineemail@yahoo.de>

MIME-Version: 1.0

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: 8bit

Content-Length: 223

Spammer können problemlos die Absendeadressen fälchen. Nur weil deine Mail angeblich der Absender ist, heißt das noch lange nicht, dass das auch von deinem Konto oder gar deinem Rechner ausging

Zitat:

c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryObject

Hast du einen Bloomberg Server? Was macht das Teil genau? :wtf:

Zitat:

"hoplfb" (hoplfb) - ? - C:\Windows\System32\drivers\jxle.sys (File not found)

Bitte mit OSAM deaktivieren und löschen

Bloomberg war alt. Hab ich nun auch de-installed.
Beim Osam Neustart war der Report leer
"(Failed) Cannot find object "

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 08:33:06 on 02.03.2012
 

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 10.0.2
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ATCPanel.cpl" - "AuthenTec, Inc." - C:\Windows\system32\ATCPanel.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\OWNER\AppData\Local\Temp\catchme.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys

"HPFXBULK" (HPFXBULK) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxbulk.sys

"HPFXFAX" (HPFXFAX) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxfax.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"MTXPAR" (MTXPAR) - "Matrox Graphics Inc." - C:\Windows\System32\DRIVERS\MTXPARM.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"Google Quick Search Box" - "Google Inc." - "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun

"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"HPUsageTracking" - ? - "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"Matrox PowerDesk SE" - "Matrox Graphics Inc." - "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"

"ToolBoxFX" - "HP" - "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll

"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Avira Mail Protection" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Avira Web Protection" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"MtxDrvService" (MtxDrvService) - ? - C:\Windows\system32\MtxDrvService.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

"VNC Server Version 4" (WinVNC4) - "RealVNC Ltd." - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org
 

Database version: v2012.03.04.06
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19190

OWNER :: TOBIASROLLEHOME [administrator]
 

Protection: Disabled
 

05.03.2012 21:52:38

mbam-log-2012-03-05 (21-52-38).txt
 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 381878

Time elapsed: 1 hour(s), 35 minute(s), 22 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 03/06/2012 at 10:11 AM
 

Application Version : 5.0.1144
 

Core Rules Database Version : 8306

Trace Rules Database Version: 6118
 

Scan type       : Complete Scan

Total Scan Time : 02:16:28
 

Operating System Information

Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)

UAC Off - Administrator
 

Memory items scanned      : 759

Memory threats detected   : 0

Registry items scanned    : 33869

Registry threats detected : 0

File items scanned        : 211972

File threats detected     : 289
 

Adware.Tracking Cookie

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad.zanox[2].txt [ /ad.zanox ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad1.adfarm1.adition[1].txt [ /ad1.adfarm1.adition ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@ad2.adfarm1.adition[2].txt [ /ad2.adfarm1.adition ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@adfarm1.adition[2].txt [ /adfarm1.adition ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@adultfriendfinder[2].txt [ /adultfriendfinder ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@edates.traffective-tracking[1].txt [ /edates.traffective-tracking ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\owner@webmasterplan[2].txt [ /webmasterplan ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\GS0FPG9M.txt [ /atdmt.com ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\ZMMNZJR2.txt [ /c.atdmt.com ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\NNPDQG0A.txt [ /accounts.google.com ]

        C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Cookies\Q77UYNYZ.txt [ /doubleclick.net ]

        C:\USERS\OWNER\Cookies\owner@ad.zanox[2].txt [ Cookie:owner@ad.zanox.com/ ]

        C:\USERS\OWNER\Cookies\owner@adfarm1.adition[2].txt [ Cookie:owner@adfarm1.adition.com/ ]

        C:\USERS\OWNER\Cookies\owner@ad1.adfarm1.adition[1].txt [ Cookie:owner@ad1.adfarm1.adition.com/ ]

        C:\USERS\OWNER\Cookies\ZMMNZJR2.txt [ Cookie:owner@c.atdmt.com/ ]

        C:\USERS\OWNER\Cookies\NNPDQG0A.txt [ Cookie:owner@accounts.google.com/ ]

        C:\USERS\OWNER\Cookies\Q77UYNYZ.txt [ Cookie:owner@doubleclick.net/ ]

        C:\USERS\OWNER\Cookies\owner@ad2.adfarm1.adition[2].txt [ Cookie:owner@ad2.adfarm1.adition.com/ ]

        C:\USERS\OWNER\Cookies\owner@adultfriendfinder[2].txt [ Cookie:owner@adultfriendfinder.com/ ]

        C:\USERS\OWNER\Cookies\owner@webmasterplan[2].txt [ Cookie:owner@webmasterplan.com/ ]

        .adtech.de [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ww251.smartadserver.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .imrworldwide.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .imrworldwide.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adinterax.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adinterax.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad3.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        files.youporn.com [ C:\USERS\OWNER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U4XMY67F ]

        mediadb.kicker.de [ C:\USERS\OWNER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U4XMY67F ]

        s0.2mdn.net [ C:\USERS\OWNER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\U4XMY67F ]

        accounts.youtube.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .getclicky.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .static.getclicky.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        in.getclicky.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .olympiaverlag.122.2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        www.youporn.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        eas4.emediate.eu [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        www.youporn.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .de.partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .delivery.trafficjunky.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ads.crakmedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .youporn.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .youporn.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .youporn.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .sexad.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .syndication.traffichaus.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .syndication.traffichaus.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .syndication.traffichaus.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        eas4.emediate.eu [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .rambler.ru [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .bs.serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .rambler.ru [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .247realmedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.dyntracker.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        media.gan-online.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .a.revenuemax.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .overture.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .bizrate.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ww251.smartadserver.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .tribalfusion.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .emiratesintegratedtelecommunicationscompany.112.2o7.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad1.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad4.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@REALMEDIA[2].TXT [ /REALMEDIA ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@C7.ZEDO[1].TXT [ /C7.ZEDO ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@FASTCLICK[2].TXT [ /FASTCLICK ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@REVSCI[1].TXT [ /REVSCI ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ZEDO[1].TXT [ /ZEDO ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@BURSTNET[2].TXT [ /BURSTNET ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ADVERTISING[2].TXT [ /ADVERTISING ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ATDMT[1].TXT [ /ATDMT ]

        C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@MICROSOFTWINDOWS.112.2O7[1].TXT [ /MICROSOFTWINDOWS.112.2O7 ]
 

Trojan.Agent/Gen-FakeAV

        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
 

Trojan.Dropper/Win-NV

        C:\WINDOWS.OLD\PROGRAM FILES\PC-DOCTOR 5 FOR WINDOWS\HTTP.DLL

Sieht ok aus, da wurden nur Cookies gefunden - und zwei Fehlalarme waren dabei
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Sieht sehr sehr gut aus!
Danke Arne - ohne dich wäre ich echt aufgeschmissen.

TOP SERVICE !!!! :party:

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.