Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Problem mit Trojaner Sirefef und Small und Rootkit.0Access (https://www.trojaner-board.de/117382-problem-trojaner-sirefef-small-rootkit-0access.html)

ikos 15.06.2012 13:52

Problem mit Trojaner Sirefef und Small und Rootkit.0Access
 
Hallo liebes Trojaner-Board-Team,

ich habe seit Mittwoch Meldungen von Antivir bekommen, dass ich den Sirefef Trojaner habe. Entfernen ging dabei nicht, weil der Zugriff verweigert wurde.
Aufgrund dessen habe ich dann mal gegoogled und bin auf eure Seite gestoßen und habe Malwarebytes mal ausführen lassen. Die Log dazu findet sich hier direkt im Anschluss.
Anschließend habe ich noch Defrogger, OTL und gmer laufen lassen. Defrogger hat nichts gefunden. Die OTL-Log ist direkt am Anschluss nach der Malware-Log und danach habe ich die gmer-log gepostet. Könnt ihr mir irgendwie helfen oder fehlt noch irgendwas? Irgendwelche Symptome wie ein abstürzender Rechner oder so irgendetwas habe ich nicht. Lediglich die Meldungen von Antivir und Malware.
Ach ich habe mein Antivir nich ausgeschaltet bekommen als ich OTL und GMER laufen lief. Ich hatte es jedoch deaktiviert. Ist das ausreichend oder soll ich Antivir dazu deinstallierten. Ich habe irgendwie keine andere Möglichkeit gefunden ihn auszuschalten...
Vielen Dank!!

Viele Grüße,

Oliver


Code:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Roesch :: ***-PC [administrator]

Protection: Enabled

14.06.2012 15:48:23
mbam-log-2012-06-14 (15-48-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550304
Time elapsed: 2 hour(s), 17 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Code:

OTL logfile created on: 15.06.2012 13:25:40 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,35% Memory free
10,99 Gb Paging File | 10,02 Gb Available in Paging File | 91,22% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 9,74 Gb Free Space | 19,99% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 5,69 Gb Free Space | 58,27% Space Free | Partition Type: NTFS
Drive E: | 239,50 Gb Total Space | 92,70 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.14 14:31:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.04.10 14:22:48 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.04.10 14:22:48 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.04.10 14:21:56 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.05.16 23:24:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.10 14:22:30 | 000,066,912 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.26 23:45:18 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.03.26 23:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.08.19 02:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.09 15:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.10 16:21:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 B6 41 2E A9 1F CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.17 16:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 00:32:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012.05.07 21:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012.05.11 08:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2012.04.05 00:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012.05.07 21:32:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012.05.11 08:01:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2012.04.05 00:00:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.13 13:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions
[2012.06.13 13:37:19 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.31 19:00:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\firefox@tvunetworks.com
[2011.05.25 16:07:56 | 000,000,925 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\conduit.xml
[2012.06.13 13:39:23 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-1.xml
[2011.05.17 00:51:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-2.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin.xml
[2012.03.31 01:04:09 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4GCD6KZP.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2012.02.15 02:50:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4GCD6KZP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.31 00:44:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2011.11.06 23:54:04 | 000,438,159 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15068 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\***\Desktop\PartyCasino.lnk File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\***\Desktop\PartyCasino.lnk File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA9EF41D-BD0C-4801-B57C-ECC677D1316A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.12 12:33:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.06.12 12:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.12 12:28:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.12 12:28:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.12 12:28:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.12 12:28:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.12 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.12 12:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.12 09:17:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.12 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 09:17:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.11 23:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Zip Password Recovery Processor
[2012.06.11 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2012.06.11 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\temp
[2012.06.11 21:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced ZIP Password Recovery
[2012.06.11 21:15:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pakeysoft ZIP Password Recovery
[2012.06.11 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZIP Password Recovery
[2012.06.11 21:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.11 20:39:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PWC
[2012.06.11 20:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2012.06.07 12:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Paris 2012
[2012.05.20 01:29:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ScummVM
[2012.05.20 01:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2012.05.19 23:09:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Amiga Files
[2012.05.19 23:09:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinUAE
[2012.05.19 23:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinUAE
[2012.05.18 02:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.05.16 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.05.16 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.05.16 23:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.05.16 23:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.05.16 23:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.05.16 23:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.05.16 23:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.05.16 23:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.05.16 23:24:50 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.05.16 23:24:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.16 23:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 13:23:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 13:06:12 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.06.15 12:51:53 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 12:51:53 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 12:43:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 12:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 12:43:34 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 14:30:22 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.14 11:27:23 | 000,562,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.14 01:23:56 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 01:23:56 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.12 17:00:23 | 004,112,888 | ---- | M] () -- C:\Users\***\Desktop\Studienarbeit - Oliver Rösch.pdf
[2012.06.12 12:28:17 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.11 23:14:46 | 000,000,034 | ---- | M] () -- C:\Windows\ZipPwdDecry.INI
[2012.06.11 23:06:42 | 000,000,049 | ---- | M] () -- C:\Users\***\ziprecovery.ini
[2012.06.11 21:20:10 | 000,000,910 | ---- | M] () -- C:\Windows\AZPR3.INI
[2012.06.11 18:57:25 | 000,859,826 | ---- | M] () -- C:\resultslast.zip
[2012.05.19 23:09:10 | 000,000,995 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUAE.lnk
[2012.05.19 23:09:10 | 000,000,971 | ---- | M] () -- C:\Users\***\Desktop\WinUAE.lnk
[2012.05.19 22:48:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.19 22:48:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.16 23:25:29 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.05.16 23:24:50 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
 
========== Files Created - No Company Name ==========
 
[2012.06.15 12:53:05 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\800000cb.@
[2012.06.15 12:53:04 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\80000000.@
[2012.06.15 00:00:38 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\00000001.@
[2012.06.14 14:30:22 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.12 12:28:17 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.11 23:14:46 | 000,000,034 | ---- | C] () -- C:\Windows\ZipPwdDecry.INI
[2012.06.11 23:06:38 | 000,000,049 | ---- | C] () -- C:\Users\***\ziprecovery.ini
[2012.06.11 22:52:09 | 000,859,826 | ---- | C] () -- C:\resultslast.zip
[2012.06.11 21:42:34 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.06.11 21:19:41 | 000,000,910 | ---- | C] () -- C:\Windows\AZPR3.INI
[2012.05.31 23:29:49 | 004,112,888 | ---- | C] () -- C:\Users\***\Desktop\Studienarbeit - Oliver Rösch.pdf
[2012.05.19 23:09:10 | 000,000,995 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUAE.lnk
[2012.05.19 23:09:10 | 000,000,971 | ---- | C] () -- C:\Users\***\Desktop\WinUAE.lnk
[2012.05.19 22:48:53 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.19 22:48:53 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.05.16 23:25:29 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.05.14 12:39:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.31 00:44:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.01.11 14:45:54 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@
[2012.01.11 14:45:54 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@
[2012.01.06 03:46:23 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.07.20 09:41:19 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.07.20 09:37:28 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.07.11 22:14:24 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.12 11:07:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.09 22:05:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.17 22:16:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.05.17 22:16:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
 
========== LOP Check ==========
 
[2011.10.08 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\abgx360
[2011.06.17 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.05.31 19:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.05.16 23:26:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.14 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.07.21 12:21:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eTeks
[2011.08.14 16:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2011.12.28 00:09:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2012.06.13 18:01:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.10.01 18:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.06.07 16:58:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.6
[2011.12.16 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2012.06.15 13:25:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.05.06 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2011.11.12 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.05.13 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.06.11 20:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PWC
[2012.05.20 01:29:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2012.05.23 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2011.06.06 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SumatraPDF
[2011.05.17 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.15 13:06:12 | 000,000,548 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
[2012.05.08 10:05:44 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >



Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-15 14:00:37
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009
Running: tgdp3hb0.exe; Driver: C:\Users\***\AppData\Local\Temp\pwdiqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            95345126                                                                                        ZwCreateSection
SSDT            95345130                                                                                        ZwRequestWaitReplyPort
SSDT            9534512B                                                                                        ZwSetContextThread
SSDT            95345135                                                                                        ZwSetSecurityObject
SSDT            9534513A                                                                                        ZwSystemDebugControl
SSDT            953450C7                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                        82C51989 1 Byte  [06]
.text          ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                          82C714E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                              82C7887C 4 Bytes  [26, 51, 34, 95]
.text          ntoskrnl.exe!KeRemoveQueueEx + 181B                                                              82C78BD8 4 Bytes  [30, 51, 34, 95] {XOR [ECX+0x34], DL; XCHG EBP, EAX}
.text          ntoskrnl.exe!KeRemoveQueueEx + 185F                                                              82C78C1C 4 Bytes  [2B, 51, 34, 95] {SUB EDX, [ECX+0x34]; XCHG EBP, EAX}
.text          ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                              82C78C98 4 Bytes  [35, 51, 34, 95]
.text          ntoskrnl.exe!KeRemoveQueueEx + 192F                                                              82C78CEC 4 Bytes  [3A, 51, 34, 95] {CMP DL, [ECX+0x34]; XCHG EBP, EAX}
.text          ...                                                                                             

---- User code sections - GMER 1.0.15 ----

?              C:\Windows\system32\services.exe[480] C:\Windows\system32\smss.exe                              image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000056                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000080                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\0000007e                                                                  bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad0e7ab                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad0e7ab (not active ControlSet) 

---- EOF - GMER 1.0.15 ----


cosinus 18.06.2012 12:16

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

ikos 19.06.2012 14:23

Hallo Arne,

vielen Dank für deine Antwort.

Also ich habe noch einen weiteren Scan mit Malwarebytes zuvor gemacht.
Ich poste hier der Vollständigkeit halber auch nochmal den anderen Log aus dem alten Post. Die Logs sind nun in chronologischer Reihenfolge.

Gruß,

Oliver

Code:

12.06.2012 09:18:50
mbam-log-2012-06-12 (09-18-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 545203
Time elapsed: 2 hour(s), 8 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bad: (C:\Users\***\AppData\Local\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\n.) Good: (%SystemRoot%\system32\shell32.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\***\AppData\Local\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\n (Rootkit.0Access) -> Delete on reboot.
C:\Users\***\Downloads\SoftonicDownloader_fuer_ikea-home-planer.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\***\Downloads\SoftonicDownloader_fuer_smart-cutter.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Code:

Database version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

Protection: Enabled

14.06.2012 15:48:23
mbam-log-2012-06-14 (15-48-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550304
Time elapsed: 2 hour(s), 17 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


cosinus 19.06.2012 21:42

Code:

C:\Users\***\Downloads\SoftonicDownloader_fuer_ikea-home-planer.exe
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! http://cosgan.de/images/midi/boese/a040.gif

Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.

ikos 20.06.2012 18:50

Hallo Arne,

vielen Dank für deine Tipps.

Der Inhalt der log von ESET findet sich unten.

Gruß,

Oliver

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=da17f6fa96a37c41adaa551aaa104feb
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 12:34:31
# local_time=2012-06-20 02:34:31 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 653591 653591 0 0
# compatibility_mode=5893 16776574 66 94 999943 91781664 0 0
# compatibility_mode=8192 67108863 100 0 195 195 0 0
# scanned=55772
# found=1
# cleaned=0
# scan_time=1997
C:\Users\***\Downloads\fsSetup132.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=da17f6fa96a37c41adaa551aaa104feb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-20 05:38:17
# local_time=2012-06-20 07:38:17 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 706378 706378 0 0
# compatibility_mode=5893 16776574 66 94 1052730 91834451 0 0
# compatibility_mode=8192 67108863 100 0 52982 52982 0 0
# scanned=336993
# found=6
# cleaned=0
# scan_time=10658
C:\Users\***\Downloads\fsSetup132.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\Downloads\SweetImSetup.exe        a variant of Win32/SweetIM.B application (unable to clean)        00000000000000000000000000000000        I
E:\backup\Documents\Studium\alt\Rechnerstrukturen\Klausuren\registrybooster47.exe        a variant of Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I
E:\backup\Pokvervids\nl\new\SoftonicDownloader25726.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 21.06.2012 10:09

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

ikos 21.06.2012 15:16

Hallo Arne,

also Windows läuft unter dem normalen Modus uneingeschränkt und ich hatte bisher auch gar keine Probleme damit.
Bei Durchsicht meines Startmenüs ist mir auch nichts aufgefallen. Ich habe eigentlich überhaupt keine auffälligen Symptome. Ich bekomme lediglich die Meldungen von Antivir und Malwarebytes.

Gruß,

Oliver

cosinus 21.06.2012 15:36

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ikos 22.06.2012 09:53

Hi Arne,

hier das OTL-Log.

Gruß,

Oliver

OTL Logfile:
Code:

OTL logfile created on: 21.06.2012 16:44:45 - Run 3
OTL by OldTimer - Version 3.2.50.0    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,04% Memory free
10,99 Gb Paging File | 9,88 Gb Available in Paging File | 89,87% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 9,38 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 5,69 Gb Free Space | 58,27% Space Free | Partition Type: NTFS
Drive E: | 239,50 Gb Total Space | 92,62 Gb Free Space | 38,67% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.21 16:42:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.04.10 14:22:48 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 07:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.04.10 14:22:48 | 000,385,376 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.04.10 14:21:56 | 000,401,760 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.05.16 23:24:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.10 14:22:30 | 000,066,912 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.26 23:45:18 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.03.26 23:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.08.19 02:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.09 15:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009.09.28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.10 16:21:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 B6 41 2E A9 1F CC 01  [binary data]
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: E:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: E:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.17 16:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 00:32:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012.06.20 22:35:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012.05.11 08:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2012.04.05 00:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2012.06.20 22:35:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2012.05.11 08:01:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2012.04.05 00:00:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
 
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.13 13:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions
[2012.06.13 13:37:19 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.31 19:00:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\firefox@tvunetworks.com
[2011.05.25 16:07:56 | 000,000,925 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\conduit.xml
[2012.06.20 19:19:30 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-1.xml
[2011.05.17 00:51:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-2.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin.xml
[2012.03.31 01:04:09 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4GCD6KZP.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2012.02.15 02:50:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4GCD6KZP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.31 00:44:05 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- E:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2011.11.06 23:54:04 | 000,438,159 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 15068 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1217613968-2587663232-1825071954-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\***\Desktop\PartyCasino.lnk File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\***\Desktop\PartyCasino.lnk File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8418BF80-45C6-46B1-884E-B88612F5058E}: NameServer = 10.1.40.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA9EF41D-BD0C-4801-B57C-ECC677D1316A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Connect.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - E:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe - ()
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: BCSSync - hkey= - key= - E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: BlueStacks Agent - hkey= - key= - C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
MsConfig - StartUpReg: BlueStacks App Player - hkey= - key= - C:\Program Files\BlueStacks\HD-FrontEnd.exe (BlueStack Systems, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KeePass 2 PreLoad - hkey= - key= - E:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - E:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TrayServer - hkey= - key= - E:\Program Files\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe (MAGIX AG)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dv25 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dv50 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dvh1 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwDV100.dll (Matrox Electronic Systems)
Drivers32: vidc.dvsd - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.M101 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfw.dll (Matrox Electronic Systems)
Drivers32: vidc.M102 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M103 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwYUVA.dll (Matrox Electronic Systems)
Drivers32: vidc.M104 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwYUVAHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M301 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwRefAVI.dll (Matrox Electronic Systems)
Drivers32: vidc.M701 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HD.dll (Matrox Electronic Systems)
Drivers32: vidc.M702 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HDOffLine.dll (Matrox Electronic Systems)
Drivers32: vidc.M703 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HDV.dll (Matrox Electronic Systems)
Drivers32: vidc.M704 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2Alpha.dll (Matrox Electronic Systems)
Drivers32: vidc.M705 - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2AlphaHD.dll (Matrox Electronic Systems)
Drivers32: vidc.MJPG - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMjpeg.dll (Matrox Electronic Systems)
Drivers32: vidc.MMES - E:\Program Files\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2.dll (Matrox Electronic Systems)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.21 13:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.21 13:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.06.20 01:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.19 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\malware
[2012.06.12 12:33:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.06.12 12:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.12 12:28:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.12 12:28:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.12 12:28:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.12 12:28:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.12 12:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.12 12:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.12 09:17:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.12 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 09:17:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.11 23:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Zip Password Recovery Processor
[2012.06.11 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2012.06.11 23:25:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\temp
[2012.06.11 21:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced ZIP Password Recovery
[2012.06.11 21:15:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pakeysoft ZIP Password Recovery
[2012.06.11 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZIP Password Recovery
[2012.06.11 21:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.11 20:39:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PWC
[2012.06.11 20:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2012.06.07 12:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Paris 2012
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.21 16:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.21 13:32:06 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.21 13:24:19 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 13:24:19 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 13:16:45 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.06.21 13:15:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.21 13:15:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 13:15:29 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 14:30:22 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.14 11:27:23 | 000,562,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.14 01:23:56 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 01:23:56 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.12 17:00:23 | 004,112,888 | ---- | M] () -- C:\Users\***\Desktop\Studienarbeit - Oliver Rösch.pdf
[2012.06.12 12:28:17 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.11 23:14:46 | 000,000,034 | ---- | M] () -- C:\Windows\ZipPwdDecry.INI
[2012.06.11 23:06:42 | 000,000,049 | ---- | M] () -- C:\Users\***\ziprecovery.ini
[2012.06.11 21:20:10 | 000,000,910 | ---- | M] () -- C:\Windows\AZPR3.INI
[2012.06.11 18:57:25 | 000,859,826 | ---- | M] () -- C:\resultslast.zip
 
========== Files Created - No Company Name ==========
 
[2012.06.21 13:32:06 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.20 13:17:12 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\00000001.@
[2012.06.14 14:30:22 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.12 12:28:17 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.11 23:14:46 | 000,000,034 | ---- | C] () -- C:\Windows\ZipPwdDecry.INI
[2012.06.11 23:06:38 | 000,000,049 | ---- | C] () -- C:\Users\***\ziprecovery.ini
[2012.06.11 22:52:09 | 000,859,826 | ---- | C] () -- C:\resultslast.zip
[2012.06.11 21:42:34 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.06.11 21:19:41 | 000,000,910 | ---- | C] () -- C:\Windows\AZPR3.INI
[2012.05.31 23:29:49 | 004,112,888 | ---- | C] () -- C:\Users\***\Desktop\Studienarbeit - Oliver Rösch.pdf
[2012.05.14 12:39:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.31 00:44:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.01.11 14:45:54 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@
[2012.01.11 14:45:54 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@
[2012.01.06 03:46:23 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.07.20 09:41:19 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.07.20 09:37:28 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.07.11 22:14:24 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.12 11:07:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.09 22:05:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.17 22:16:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.05.17 22:16:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
 
========== LOP Check ==========
 
[2011.10.08 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\abgx360
[2011.06.17 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.05.31 19:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.05.16 23:26:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.14 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.07.21 12:21:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eTeks
[2011.08.14 16:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2011.12.28 00:09:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2012.06.20 20:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.10.01 18:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.06.07 16:58:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.6
[2011.12.16 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2012.06.21 16:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.05.06 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2011.11.12 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.05.13 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.06.11 20:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PWC
[2012.05.20 01:29:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2012.05.23 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2011.06.06 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SumatraPDF
[2011.05.17 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.21 13:16:45 | 000,000,548 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
[2012.05.08 10:05:44 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.08 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\abgx360
[2011.12.14 00:22:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.06.17 22:02:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2011.06.16 21:55:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.06.12 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2011.11.18 16:35:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVS4YOU
[2012.05.31 19:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.08.14 00:53:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2012.05.16 23:26:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.14 00:24:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.12.31 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011.08.28 20:57:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.07.21 12:21:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eTeks
[2011.08.14 16:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2011.12.28 00:09:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2012.06.20 20:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.05.09 19:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.10.01 18:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.06.07 16:58:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.6
[2011.12.16 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2012.06.21 16:44:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2012.05.06 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2011.05.10 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.11.12 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.12 09:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.25 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks
[2009.07.14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.31 18:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2012.05.27 11:16:08 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.05.15 23:53:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiKTeX
[2011.05.09 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.03.08 21:11:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla-Cache
[2011.11.18 16:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Software
[2011.05.13 22:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.06.11 20:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PWC
[2012.05.20 01:29:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2012.06.20 22:48:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.01.10 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2012.05.23 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2011.06.06 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SumatraPDF
[2011.05.17 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.05.09 22:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.21 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.05.16 19:25:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.13 18:18:24 | 000,048,963 | ---- | M] () -- C:\Users\***\AppData\Roaming\JabRef 2.6\JabRef.exe
[2011.06.07 16:58:05 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\***\AppData\Roaming\JabRef 2.6\uninstall.exe
[2011.06.03 19:32:28 | 000,149,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.06.03 19:32:42 | 000,265,384 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.06.03 19:32:24 | 000,530,296 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.06.03 19:31:08 | 000,335,496 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.06.03 19:18:12 | 000,225,816 | ---- | M] () -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.06.03 19:32:46 | 000,051,360 | ---- | M] (Juniper Networks) -- C:\Users\***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011.12.14 00:23:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.14 00:21:40 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.11.12 21:33:48 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}\ARPPRODUCTICON.exe
[2011.11.12 21:33:48 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}\NewShortcut11_9A9CEF4762274D03A3E055C2B64F61DE.exe
[2011.11.12 21:33:48 | 000,009,662 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}\NewShortcut1_9A9CEF4762274D03A3E055C2B64F61DE.exe
[2010.10.02 21:06:49 | 001,288,704 | ---- | M] () -- C:\Users\***\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe
[2010.10.02 21:06:49 | 001,288,704 | ---- | M] () -- C:\Users\***\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update.exe
[2010.10.02 21:06:51 | 001,288,704 | ---- | M] () -- C:\Users\***\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe
[2012.05.28 12:06:16 | 000,056,320 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe
[2012.05.28 12:06:00 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2012.05.28 12:05:56 | 000,070,144 | ---- | M] (getfireshot.com) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

cosinus 22.06.2012 11:43

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
[2011.05.25 16:07:56 | 000,000,925 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\conduit.xml
[2012.06.20 19:19:30 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-1.xml
[2011.05.17 00:51:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-2.xml
[2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin.xml
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\***\Desktop\PartyCasino.lnk File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Users\***\Desktop\PartyCasino.lnk File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\***\Desktop\PartyPoker.lnk File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell - "" = AutoRun
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\Shell\install\command - "" = G:\SETUP.EXE
:Files
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@
C:\Users\***\AppData\Local\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ikos 22.06.2012 14:05

Hier die erzeugte Log von dem Fix

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-1217613968-2587663232-1825071954-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\conduit.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
C:\Program Files\Hotspot Shield\HssIE\HssIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1217613968-2587663232-1825071954-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1514ca6-9f98-11e1-917a-001f3ad0e7ab}\ not found.
File G:\SETUP.EXE not found.
========== FILES ==========
C:\Windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@ moved successfully.
C:\Users\***\AppData\Local\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 138780291 bytes
->Temporary Internet Files folder emptied: 621178460 bytes
->Java cache emptied: 1893528 bytes
->FireFox cache emptied: 49769753 bytes
->Google Chrome cache emptied: 10038166 bytes
->Flash cache emptied: 15220533 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 383135161 bytes
RecycleBin emptied: 4689818 bytes
 
Total Files Cleaned = 1.168,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: postgres
->Flash cache emptied: 0 bytes
 
User: Public
 
User: ***
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.50.0 log created on 06222012_132911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 24.06.2012 14:55

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

ikos 24.06.2012 15:53

Hier die Log.

Code:

16:50:46.0188 3560        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:50:46.0283 3560        ============================================================
16:50:46.0283 3560        Current date / time: 2012/06/24 16:50:46.0283
16:50:46.0283 3560        SystemInfo:
16:50:46.0283 3560       
16:50:46.0284 3560        OS Version: 6.1.7601 ServicePack: 1.0
16:50:46.0284 3560        Product type: Workstation
16:50:46.0284 3560        ComputerName: ROESCH-PC
16:50:46.0284 3560        UserName: Roesch
16:50:46.0284 3560        Windows directory: C:\Windows
16:50:46.0284 3560        System windows directory: C:\Windows
16:50:46.0284 3560        Processor architecture: Intel x86
16:50:46.0284 3560        Number of processors: 2
16:50:46.0284 3560        Page size: 0x1000
16:50:46.0284 3560        Boot type: Normal boot
16:50:46.0285 3560        ============================================================
16:50:47.0436 3560        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:50:47.0438 3560        ============================================================
16:50:47.0438 3560        \Device\Harddisk0\DR0:
16:50:47.0438 3560        MBR partitions:
16:50:47.0438 3560        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:50:47.0438 3560        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6176000
16:50:47.0438 3560        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8800, BlocksNum 0x1388000
16:50:47.0438 3560        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7530800, BlocksNum 0x1DEFD800
16:50:47.0438 3560        ============================================================
16:50:47.0454 3560        C: <-> \Device\Harddisk0\DR0\Partition1
16:50:47.0485 3560        D: <-> \Device\Harddisk0\DR0\Partition2
16:50:47.0517 3560        E: <-> \Device\Harddisk0\DR0\Partition3
16:50:47.0517 3560        ============================================================
16:50:47.0517 3560        Initialize success
16:50:47.0517 3560        ============================================================
16:50:54.0510 0492        ============================================================
16:50:54.0510 0492        Scan started
16:50:54.0510 0492        Mode: Manual; SigCheck; TDLFS;
16:50:54.0510 0492        ============================================================
16:50:55.0248 0492        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:50:55.0325 0492        1394ohci - ok
16:50:55.0365 0492        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:50:55.0381 0492        ACPI - ok
16:50:55.0409 0492        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:50:55.0423 0492        AcpiPmi - ok
16:50:55.0482 0492        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:50:55.0500 0492        adp94xx - ok
16:50:55.0541 0492        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:50:55.0557 0492        adpahci - ok
16:50:55.0583 0492        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:50:55.0596 0492        adpu320 - ok
16:50:55.0628 0492        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:50:55.0641 0492        AeLookupSvc - ok
16:50:55.0707 0492        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:50:55.0728 0492        AFD - ok
16:50:55.0766 0492        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:50:55.0798 0492        agp440 - ok
16:50:55.0829 0492        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:50:55.0846 0492        aic78xx - ok
16:50:55.0865 0492        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:50:55.0878 0492        ALG - ok
16:50:55.0893 0492        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:50:55.0904 0492        aliide - ok
16:50:55.0913 0492        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:50:55.0925 0492        amdagp - ok
16:50:55.0937 0492        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:50:55.0949 0492        amdide - ok
16:50:55.0982 0492        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:50:55.0995 0492        AmdK8 - ok
16:50:56.0015 0492        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:50:56.0028 0492        AmdPPM - ok
16:50:56.0069 0492        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:50:56.0099 0492        amdsata - ok
16:50:56.0122 0492        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:50:56.0135 0492        amdsbs - ok
16:50:56.0151 0492        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:50:56.0162 0492        amdxata - ok
16:50:56.0281 0492        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:50:56.0310 0492        AntiVirSchedulerService - ok
16:50:56.0624 0492        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:50:56.0634 0492        AntiVirService - ok
16:50:56.0662 0492        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:50:56.0686 0492        AppID - ok
16:50:56.0715 0492        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:50:56.0738 0492        AppIDSvc - ok
16:50:56.0767 0492        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:50:56.0791 0492        Appinfo - ok
16:50:56.0855 0492        Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:50:56.0878 0492        Apple Mobile Device - ok
16:50:56.0924 0492        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:50:56.0942 0492        AppMgmt - ok
16:50:56.0970 0492        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:50:56.0987 0492        arc - ok
16:50:57.0008 0492        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:50:57.0020 0492        arcsas - ok
16:50:57.0046 0492        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:50:57.0071 0492        AsyncMac - ok
16:50:57.0097 0492        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:50:57.0109 0492        atapi - ok
16:50:57.0185 0492        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:50:57.0249 0492        AudioEndpointBuilder - ok
16:50:57.0257 0492        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:50:57.0288 0492        Audiosrv - ok
16:50:57.0344 0492        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
16:50:57.0367 0492        avgntflt - ok
16:50:57.0396 0492        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
16:50:57.0407 0492        avipbb - ok
16:50:57.0434 0492        avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
16:50:57.0444 0492        avkmgr - ok
16:50:57.0530 0492        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:50:57.0552 0492        AxInstSV - ok
16:50:57.0612 0492        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:50:57.0633 0492        b06bdrv - ok
16:50:57.0669 0492        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:50:57.0688 0492        b57nd60x - ok
16:50:57.0795 0492        BBSvc          (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:50:57.0821 0492        BBSvc - ok
16:50:57.0845 0492        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:50:57.0858 0492        BDESVC - ok
16:50:57.0869 0492        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:50:57.0893 0492        Beep - ok
16:50:57.0952 0492        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:50:57.0982 0492        BITS - ok
16:50:57.0998 0492        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:50:58.0010 0492        blbdrive - ok
16:50:58.0058 0492        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:50:58.0070 0492        bowser - ok
16:50:58.0081 0492        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:50:58.0094 0492        BrFiltLo - ok
16:50:58.0112 0492        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:50:58.0126 0492        BrFiltUp - ok
16:50:58.0355 0492        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:50:58.0400 0492        Browser - ok
16:50:58.0431 0492        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:50:58.0451 0492        Brserid - ok
16:50:58.0464 0492        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:50:58.0482 0492        BrSerWdm - ok
16:50:58.0485 0492        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:50:58.0499 0492        BrUsbMdm - ok
16:50:58.0502 0492        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:50:58.0515 0492        BrUsbSer - ok
16:50:58.0647 0492        BstHdAndroidSvc (52d8866f682a7fc210446930b3201eeb) C:\Program Files\BlueStacks\HD-Service.exe
16:50:58.0681 0492        BstHdAndroidSvc - ok
16:50:58.0728 0492        BstHdDrv        (75203ff9fcf67b7f7ac5007e3c61cfe9) C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
16:50:58.0740 0492        BstHdDrv - ok
16:50:58.0806 0492        BstHdLogRotatorSvc (cce8303fc02e2a47e15d1b794c5e0bb8) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
16:50:58.0846 0492        BstHdLogRotatorSvc - ok
16:50:58.0881 0492        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
16:50:58.0897 0492        BthEnum - ok
16:50:58.0916 0492        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:50:58.0935 0492        BTHMODEM - ok
16:50:58.0968 0492        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
16:50:58.0982 0492        BthPan - ok
16:50:59.0021 0492        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
16:50:59.0036 0492        BTHPORT - ok
16:50:59.0071 0492        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:50:59.0113 0492        bthserv - ok
16:50:59.0123 0492        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
16:50:59.0134 0492        BTHUSB - ok
16:50:59.0160 0492        btusbflt        (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
16:50:59.0169 0492        btusbflt - ok
16:50:59.0189 0492        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:50:59.0214 0492        cdfs - ok
16:50:59.0278 0492        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
16:50:59.0295 0492        cdrom - ok
16:50:59.0338 0492        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:50:59.0381 0492        CertPropSvc - ok
16:50:59.0408 0492        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:50:59.0422 0492        circlass - ok
16:50:59.0451 0492        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:50:59.0466 0492        CLFS - ok
16:50:59.0557 0492        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:50:59.0589 0492        clr_optimization_v2.0.50727_32 - ok
16:50:59.0681 0492        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:50:59.0705 0492        clr_optimization_v4.0.30319_32 - ok
16:50:59.0746 0492        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:50:59.0762 0492        CmBatt - ok
16:50:59.0787 0492        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:50:59.0802 0492        cmdide - ok
16:50:59.0860 0492        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:50:59.0892 0492        CNG - ok
16:50:59.0917 0492        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:50:59.0928 0492        Compbatt - ok
16:50:59.0963 0492        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:50:59.0994 0492        CompositeBus - ok
16:51:00.0009 0492        COMSysApp - ok
16:51:00.0070 0492        cpuz135 - ok
16:51:00.0094 0492        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:51:00.0120 0492        crcdisk - ok
16:51:00.0181 0492        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
16:51:00.0213 0492        CryptSvc - ok
16:51:00.0271 0492        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
16:51:00.0302 0492        CSC - ok
16:51:00.0341 0492        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
16:51:00.0358 0492        CscService - ok
16:51:00.0390 0492        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:51:00.0418 0492        DcomLaunch - ok
16:51:00.0445 0492        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:51:00.0472 0492        defragsvc - ok
16:51:00.0526 0492        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:51:00.0564 0492        DfsC - ok
16:51:00.0617 0492        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:51:00.0672 0492        Dhcp - ok
16:51:00.0692 0492        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:51:00.0724 0492        discache - ok
16:51:00.0763 0492        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:51:00.0775 0492        Disk - ok
16:51:00.0825 0492        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:51:00.0848 0492        Dnscache - ok
16:51:00.0891 0492        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:51:00.0926 0492        dot3svc - ok
16:51:00.0960 0492        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:51:00.0984 0492        DPS - ok
16:51:01.0018 0492        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:51:01.0050 0492        drmkaud - ok
16:51:01.0089 0492        dsNcAdpt        (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
16:51:01.0111 0492        dsNcAdpt - ok
16:51:01.0222 0492        dsNcService    (60ae3d932bc594ff9cdc91f7cd2c2015) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
16:51:01.0247 0492        dsNcService - ok
16:51:01.0322 0492        dtsoftbus01    (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:51:01.0349 0492        dtsoftbus01 - ok
16:51:01.0434 0492        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:51:01.0476 0492        DXGKrnl - ok
16:51:01.0527 0492        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:51:01.0578 0492        EapHost - ok
16:51:01.0830 0492        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:51:01.0874 0492        ebdrv - ok
16:51:01.0972 0492        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
16:51:02.0007 0492        EFS - ok
16:51:02.0094 0492        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
16:51:02.0133 0492        ehRecvr - ok
16:51:02.0165 0492        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:51:02.0178 0492        ehSched - ok
16:51:02.0238 0492        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:51:02.0280 0492        elxstor - ok
16:51:02.0315 0492        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:51:02.0327 0492        ErrDev - ok
16:51:02.0366 0492        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:51:02.0394 0492        EventSystem - ok
16:51:02.0423 0492        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:51:02.0448 0492        exfat - ok
16:51:02.0541 0492        Fabs - ok
16:51:02.0574 0492        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:51:02.0621 0492        fastfat - ok
16:51:02.0685 0492        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
16:51:02.0710 0492        Fax - ok
16:51:02.0727 0492        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:51:02.0739 0492        fdc - ok
16:51:02.0745 0492        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:51:02.0771 0492        fdPHost - ok
16:51:02.0780 0492        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:51:02.0806 0492        FDResPub - ok
16:51:02.0824 0492        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:51:02.0835 0492        FileInfo - ok
16:51:02.0845 0492        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:51:02.0870 0492        Filetrace - ok
16:51:03.0122 0492        FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:51:03.0172 0492        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:51:03.0172 0492        FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:51:03.0263 0492        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:03.0280 0492        flpydisk - ok
16:51:03.0309 0492        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:51:03.0328 0492        FltMgr - ok
16:51:03.0450 0492        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
16:51:03.0488 0492        FontCache - ok
16:51:03.0535 0492        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:51:03.0558 0492        FontCache3.0.0.0 - ok
16:51:03.0571 0492        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:51:03.0587 0492        FsDepends - ok
16:51:03.0632 0492        fssfltr        (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
16:51:03.0644 0492        fssfltr - ok
16:51:03.0809 0492        fsssvc          (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:51:03.0855 0492        fsssvc - ok
16:51:03.0968 0492        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
16:51:03.0993 0492        Fs_Rec - ok
16:51:04.0048 0492        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:51:04.0094 0492        fvevol - ok
16:51:04.0128 0492        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:51:04.0144 0492        gagp30kx - ok
16:51:04.0174 0492        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:51:04.0185 0492        GEARAspiWDM - ok
16:51:04.0259 0492        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
16:51:04.0296 0492        gpsvc - ok
16:51:04.0403 0492        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:51:04.0430 0492        gupdate - ok
16:51:04.0438 0492        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:51:04.0448 0492        gupdatem - ok
16:51:04.0465 0492        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:51:04.0478 0492        hcw85cir - ok
16:51:04.0534 0492        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
16:51:04.0565 0492        HdAudAddService - ok
16:51:04.0595 0492        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:51:04.0609 0492        HDAudBus - ok
16:51:04.0632 0492        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:51:04.0644 0492        HidBatt - ok
16:51:04.0664 0492        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:51:04.0679 0492        HidBth - ok
16:51:04.0707 0492        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:51:04.0720 0492        HidIr - ok
16:51:04.0754 0492        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:51:04.0780 0492        hidserv - ok
16:51:04.0837 0492        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
16:51:04.0863 0492        HidUsb - ok
16:51:04.0893 0492        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
16:51:04.0927 0492        hkmsvc - ok
16:51:04.0953 0492        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
16:51:04.0973 0492        HomeGroupListener - ok
16:51:05.0021 0492        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
16:51:05.0049 0492        HomeGroupProvider - ok
16:51:05.0086 0492        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:51:05.0103 0492        HpSAMD - ok
16:51:05.0276 0492        hshld          (b7cfe93627e7796624004687125a729f) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
16:51:05.0312 0492        hshld - ok
16:51:05.0325 0492        HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
16:51:05.0333 0492        HssDrv - ok
16:51:05.0419 0492        HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
16:51:05.0454 0492        HssSrv - ok
16:51:05.0498 0492        HssTrayService  (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
16:51:05.0507 0492        HssTrayService - ok
16:51:05.0514 0492        HssWd - ok
16:51:05.0583 0492        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:51:05.0611 0492        HTTP - ok
16:51:05.0647 0492        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:51:05.0658 0492        hwpolicy - ok
16:51:05.0711 0492        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:51:05.0750 0492        i8042prt - ok
16:51:05.0821 0492        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:51:05.0855 0492        iaStorV - ok
16:51:05.0977 0492        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:51:06.0015 0492        idsvc - ok
16:51:06.0037 0492        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:51:06.0048 0492        iirsp - ok
16:51:06.0116 0492        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:51:06.0166 0492        IKEEXT - ok
16:51:06.0184 0492        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:51:06.0195 0492        intelide - ok
16:51:06.0223 0492        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:51:06.0235 0492        intelppm - ok
16:51:06.0259 0492        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:51:06.0285 0492        IPBusEnum - ok
16:51:06.0300 0492        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:06.0325 0492        IpFilterDriver - ok
16:51:06.0358 0492        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:51:06.0389 0492        IPMIDRV - ok
16:51:06.0408 0492        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:51:06.0434 0492        IPNAT - ok
16:51:06.0550 0492        iPod Service    (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
16:51:06.0579 0492        iPod Service - ok
16:51:06.0610 0492        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:51:06.0624 0492        IRENUM - ok
16:51:06.0653 0492        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:51:06.0664 0492        isapnp - ok
16:51:06.0687 0492        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:51:06.0701 0492        iScsiPrt - ok
16:51:06.0723 0492        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
16:51:06.0735 0492        kbdclass - ok
16:51:06.0754 0492        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
16:51:06.0766 0492        kbdhid - ok
16:51:06.0795 0492        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:51:06.0807 0492        KeyIso - ok
16:51:06.0817 0492        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:51:06.0829 0492        KSecDD - ok
16:51:06.0864 0492        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:51:06.0896 0492        KSecPkg - ok
16:51:06.0943 0492        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:51:06.0983 0492        KtmRm - ok
16:51:07.0020 0492        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
16:51:07.0064 0492        LanmanServer - ok
16:51:07.0091 0492        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:51:07.0117 0492        LanmanWorkstation - ok
16:51:07.0152 0492        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:51:07.0177 0492        lltdio - ok
16:51:07.0208 0492        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:51:07.0235 0492        lltdsvc - ok
16:51:07.0248 0492        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:51:07.0272 0492        lmhosts - ok
16:51:07.0294 0492        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:51:07.0306 0492        LSI_FC - ok
16:51:07.0327 0492        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:51:07.0339 0492        LSI_SAS - ok
16:51:07.0356 0492        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:51:07.0368 0492        LSI_SAS2 - ok
16:51:07.0385 0492        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:51:07.0398 0492        LSI_SCSI - ok
16:51:07.0410 0492        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:51:07.0435 0492        luafv - ok
16:51:07.0483 0492        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
16:51:07.0505 0492        MBAMProtector - ok
16:51:07.0652 0492        MBAMService    (ba400ed640bca1eae5c727ae17c10207) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:51:07.0689 0492        MBAMService - ok
16:51:07.0726 0492        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
16:51:07.0745 0492        Mcx2Svc - ok
16:51:07.0775 0492        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:51:07.0791 0492        megasas - ok
16:51:07.0829 0492        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:51:07.0849 0492        MegaSR - ok
16:51:07.0923 0492        Microsoft SharePoint Workspace Audit Service - ok
16:51:07.0974 0492        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:51:08.0027 0492        MMCSS - ok
16:51:08.0039 0492        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:51:08.0064 0492        Modem - ok
16:51:08.0086 0492        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:51:08.0099 0492        monitor - ok
16:51:08.0149 0492        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:51:08.0166 0492        mouclass - ok
16:51:08.0224 0492        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:51:08.0253 0492        mouhid - ok
16:51:08.0402 0492        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:51:08.0430 0492        mountmgr - ok
16:51:08.0468 0492        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:51:08.0481 0492        mpio - ok
16:51:08.0494 0492        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:51:08.0517 0492        mpsdrv - ok
16:51:08.0548 0492        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:51:08.0564 0492        MRxDAV - ok
16:51:08.0606 0492        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:08.0638 0492        mrxsmb - ok
16:51:08.0673 0492        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:08.0687 0492        mrxsmb10 - ok
16:51:08.0698 0492        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:08.0711 0492        mrxsmb20 - ok
16:51:08.0748 0492        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:51:08.0760 0492        msahci - ok
16:51:08.0784 0492        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:51:08.0796 0492        msdsm - ok
16:51:08.0820 0492        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:51:08.0834 0492        MSDTC - ok
16:51:08.0869 0492        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:51:08.0894 0492        Msfs - ok
16:51:08.0904 0492        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:51:08.0929 0492        mshidkmdf - ok
16:51:08.0944 0492        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:51:08.0955 0492        msisadrv - ok
16:51:08.0994 0492        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:51:09.0043 0492        MSiSCSI - ok
16:51:09.0046 0492        msiserver - ok
16:51:09.0072 0492        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:09.0100 0492        MSKSSRV - ok
16:51:09.0107 0492        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:09.0134 0492        MSPCLOCK - ok
16:51:09.0138 0492        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:51:09.0164 0492        MSPQM - ok
16:51:09.0181 0492        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:51:09.0195 0492        MsRPC - ok
16:51:09.0224 0492        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:51:09.0235 0492        mssmbios - ok
16:51:09.0238 0492        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:51:09.0263 0492        MSTEE - ok
16:51:09.0271 0492        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:51:09.0283 0492        MTConfig - ok
16:51:09.0293 0492        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:51:09.0305 0492        Mup - ok
16:51:09.0351 0492        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:51:09.0378 0492        napagent - ok
16:51:09.0430 0492        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:09.0447 0492        NativeWifiP - ok
16:51:09.0502 0492        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:51:09.0523 0492        NDIS - ok
16:51:09.0542 0492        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:09.0567 0492        NdisCap - ok
16:51:09.0595 0492        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:09.0618 0492        NdisTapi - ok
16:51:09.0651 0492        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:09.0675 0492        Ndisuio - ok
16:51:09.0711 0492        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:09.0735 0492        NdisWan - ok
16:51:09.0768 0492        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:51:09.0792 0492        NDProxy - ok
16:51:09.0805 0492        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:51:09.0830 0492        NetBIOS - ok
16:51:09.0870 0492        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:51:09.0912 0492        NetBT - ok
16:51:09.0940 0492        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:51:09.0952 0492        Netlogon - ok
16:51:09.0998 0492        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:51:10.0047 0492        Netman - ok
16:51:10.0082 0492        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:51:10.0111 0492        netprofm - ok
16:51:10.0158 0492        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:51:10.0169 0492        NetTcpPortSharing - ok
16:51:10.0662 0492        NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
16:51:10.0743 0492        NETw5s32 - ok
16:51:11.0162 0492        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
16:51:11.0218 0492        netw5v32 - ok
16:51:11.0297 0492        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:51:11.0329 0492        nfrd960 - ok
16:51:11.0380 0492        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
16:51:11.0406 0492        NlaSvc - ok
16:51:11.0421 0492        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:51:11.0447 0492        Npfs - ok
16:51:11.0475 0492        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:51:11.0502 0492        nsi - ok
16:51:11.0513 0492        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:51:11.0538 0492        nsiproxy - ok
16:51:11.0643 0492        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:51:11.0678 0492        Ntfs - ok
16:51:11.0690 0492        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:51:11.0714 0492        Null - ok
16:51:12.0386 0492        nvlddmkm        (519d5e6b7fa9542c42437b2dfdcfafd1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:12.0499 0492        nvlddmkm - ok
16:51:12.0665 0492        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:51:12.0694 0492        nvraid - ok
16:51:12.0713 0492        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:51:12.0732 0492        nvstor - ok
16:51:12.0760 0492        nvsvc          (d9295d59e8c69537b87d0dc638f61b76) C:\Windows\system32\nvvsvc.exe
16:51:12.0772 0492        nvsvc - ok
16:51:12.0803 0492        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:51:12.0816 0492        nv_agp - ok
16:51:12.0831 0492        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:51:12.0843 0492        ohci1394 - ok
16:51:12.0929 0492        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:51:12.0956 0492        ose - ok
16:51:13.0356 0492        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:51:13.0438 0492        osppsvc - ok
16:51:13.0639 0492        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:51:13.0660 0492        p2pimsvc - ok
16:51:13.0697 0492        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:51:13.0719 0492        p2psvc - ok
16:51:13.0770 0492        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:51:13.0800 0492        Parport - ok
16:51:13.0829 0492        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
16:51:13.0841 0492        partmgr - ok
16:51:13.0851 0492        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:51:13.0863 0492        Parvdm - ok
16:51:13.0884 0492        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:51:13.0901 0492        PcaSvc - ok
16:51:13.0945 0492        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:51:13.0958 0492        pci - ok
16:51:13.0970 0492        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:51:13.0982 0492        pciide - ok
16:51:14.0000 0492        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:14.0014 0492        pcmcia - ok
16:51:14.0024 0492        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:51:14.0036 0492        pcw - ok
16:51:14.0088 0492        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:51:14.0119 0492        PEAUTH - ok
16:51:14.0201 0492        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
16:51:14.0234 0492        PeerDistSvc - ok
16:51:14.0370 0492        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:51:14.0418 0492        pla - ok
16:51:14.0545 0492        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:51:14.0570 0492        PlugPlay - ok
16:51:14.0590 0492        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:51:14.0602 0492        PNRPAutoReg - ok
16:51:14.0627 0492        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:51:14.0642 0492        PNRPsvc - ok
16:51:14.0676 0492        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:51:14.0703 0492        PolicyAgent - ok
16:51:14.0799 0492        postgresql-8.4 - ok
16:51:14.0845 0492        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:51:14.0897 0492        Power - ok
16:51:14.0961 0492        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:15.0010 0492        PptpMiniport - ok
16:51:15.0030 0492        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:51:15.0043 0492        Processor - ok
16:51:15.0084 0492        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
16:51:15.0098 0492        ProfSvc - ok
16:51:15.0130 0492        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:51:15.0143 0492        ProtectedStorage - ok
16:51:15.0163 0492        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:51:15.0189 0492        Psched - ok
16:51:15.0286 0492        PSI_SVC_2      (0b6dea0a1662cab8f2bf339dc0752ef4) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:51:15.0314 0492        PSI_SVC_2 - ok
16:51:15.0404 0492        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:51:15.0438 0492        ql2300 - ok
16:51:15.0562 0492        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:51:15.0597 0492        ql40xx - ok
16:51:15.0622 0492        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:51:15.0639 0492        QWAVE - ok
16:51:15.0652 0492        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:51:15.0667 0492        QWAVEdrv - ok
16:51:15.0675 0492        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:15.0700 0492        RasAcd - ok
16:51:15.0738 0492        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:15.0761 0492        RasAgileVpn - ok
16:51:15.0778 0492        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:51:15.0805 0492        RasAuto - ok
16:51:15.0815 0492        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:15.0841 0492        Rasl2tp - ok
16:51:15.0889 0492        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:51:15.0916 0492        RasMan - ok
16:51:15.0928 0492        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:15.0953 0492        RasPppoe - ok
16:51:15.0972 0492        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:15.0995 0492        RasSstp - ok
16:51:16.0036 0492        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:16.0061 0492        rdbss - ok
16:51:16.0075 0492        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:51:16.0089 0492        rdpbus - ok
16:51:16.0119 0492        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:16.0143 0492        RDPCDD - ok
16:51:16.0163 0492        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
16:51:16.0175 0492        RDPDR - ok
16:51:16.0194 0492        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:51:16.0218 0492        RDPENCDD - ok
16:51:16.0224 0492        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:51:16.0248 0492        RDPREFMP - ok
16:51:16.0292 0492        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
16:51:16.0321 0492        RDPWD - ok
16:51:16.0366 0492        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:51:16.0379 0492        rdyboost - ok
16:51:16.0403 0492        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:51:16.0428 0492        RemoteAccess - ok
16:51:16.0454 0492        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:51:16.0482 0492        RemoteRegistry - ok
16:51:16.0516 0492        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
16:51:16.0531 0492        RFCOMM - ok
16:51:16.0553 0492        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:51:16.0580 0492        RpcEptMapper - ok
16:51:16.0603 0492        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:51:16.0616 0492        RpcLocator - ok
16:51:16.0783 0492        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:51:16.0829 0492        RpcSs - ok
16:51:16.0857 0492        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:51:16.0882 0492        rspndr - ok
16:51:16.0907 0492        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
16:51:16.0919 0492        s3cap - ok
16:51:16.0942 0492        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:51:16.0954 0492        SamSs - ok
16:51:16.0986 0492        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:51:16.0998 0492        sbp2port - ok
16:51:17.0041 0492        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:51:17.0067 0492        SCardSvr - ok
16:51:17.0089 0492        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:51:17.0113 0492        scfilter - ok
16:51:17.0181 0492        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:51:17.0225 0492        Schedule - ok
16:51:17.0252 0492        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:51:17.0275 0492        SCPolicySvc - ok
16:51:17.0317 0492        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:51:17.0347 0492        SDRSVC - ok
16:51:17.0474 0492        SeaPort        (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:51:17.0500 0492        SeaPort - ok
16:51:17.0536 0492        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:51:17.0570 0492        secdrv - ok
16:51:17.0945 0492        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:51:17.0993 0492        seclogon - ok
16:51:18.0022 0492        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:51:18.0048 0492        SENS - ok
16:51:18.0091 0492        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:51:18.0121 0492        SensrSvc - ok
16:51:18.0134 0492        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:51:18.0146 0492        Serenum - ok
16:51:18.0158 0492        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:51:18.0172 0492        Serial - ok
16:51:18.0203 0492        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:51:18.0216 0492        sermouse - ok
16:51:18.0260 0492        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:51:18.0286 0492        SessionEnv - ok
16:51:18.0319 0492        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:51:18.0333 0492        sffdisk - ok
16:51:18.0341 0492        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:51:18.0354 0492        sffp_mmc - ok
16:51:18.0360 0492        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:51:18.0374 0492        sffp_sd - ok
16:51:18.0392 0492        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:51:18.0405 0492        sfloppy - ok
16:51:18.0459 0492        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:51:18.0523 0492        ShellHWDetection - ok
16:51:18.0540 0492        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:51:18.0553 0492        sisagp - ok
16:51:18.0584 0492        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:51:18.0596 0492        SiSRaid2 - ok
16:51:18.0605 0492        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:51:18.0617 0492        SiSRaid4 - ok
16:51:18.0692 0492        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) E:\Program Files\Skype\Updater\Updater.exe
16:51:18.0706 0492        SkypeUpdate - ok
16:51:18.0745 0492        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:51:18.0809 0492        Smb - ok
16:51:18.0847 0492        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:51:18.0861 0492        SNMPTRAP - ok
16:51:18.0880 0492        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:51:18.0893 0492        spldr - ok
16:51:18.0942 0492        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:51:19.0003 0492        Spooler - ok
16:51:19.0376 0492        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:51:19.0441 0492        sppsvc - ok
16:51:19.0598 0492        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:51:19.0643 0492        sppuinotify - ok
16:51:19.0713 0492        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:51:19.0742 0492        srv - ok
16:51:19.0766 0492        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:51:19.0780 0492        srv2 - ok
16:51:19.0799 0492        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:51:19.0812 0492        srvnet - ok
16:51:19.0852 0492        ssadbus        (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
16:51:19.0866 0492        ssadbus - ok
16:51:19.0915 0492        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:51:19.0944 0492        ssadmdfl - ok
16:51:19.0988 0492        ssadmdm        (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
16:51:20.0006 0492        ssadmdm - ok
16:51:20.0045 0492        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:51:20.0079 0492        SSDPSRV - ok
16:51:20.0105 0492        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:51:20.0114 0492        ssmdrv - ok
16:51:20.0133 0492        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:51:20.0158 0492        SstpSvc - ok
16:51:20.0176 0492        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:51:20.0188 0492        stexstor - ok
16:51:20.0243 0492        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:51:20.0264 0492        StiSvc - ok
16:51:20.0289 0492        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:51:20.0301 0492        storflt - ok
16:51:20.0330 0492        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
16:51:20.0343 0492        StorSvc - ok
16:51:20.0374 0492        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:51:20.0386 0492        storvsc - ok
16:51:20.0394 0492        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:51:20.0406 0492        swenum - ok
16:51:20.0431 0492        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:51:20.0460 0492        swprv - ok
16:51:20.0571 0492        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:51:20.0611 0492        SysMain - ok
16:51:20.0635 0492        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:51:20.0652 0492        TabletInputService - ok
16:51:20.0717 0492        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
16:51:20.0733 0492        taphss - ok
16:51:20.0769 0492        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:51:20.0807 0492        TapiSrv - ok
16:51:20.0849 0492        tapoas          (827c8058c284ff0013e4462efe2591a3) C:\Windows\system32\DRIVERS\tapoas.sys
16:51:20.0874 0492        tapoas - ok
16:51:20.0907 0492        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:51:20.0972 0492        TBS - ok
16:51:21.0089 0492        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
16:51:21.0127 0492        Tcpip - ok
16:51:21.0147 0492        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
16:51:21.0177 0492        TCPIP6 - ok
16:51:21.0216 0492        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:51:21.0239 0492        tcpipreg - ok
16:51:21.0278 0492        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:51:21.0290 0492        TDPIPE - ok
16:51:21.0323 0492        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:51:21.0350 0492        TDTCP - ok
16:51:21.0394 0492        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:51:21.0424 0492        tdx - ok
16:51:21.0459 0492        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:51:21.0472 0492        TermDD - ok
16:51:21.0532 0492        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:51:21.0584 0492        TermService - ok
16:51:21.0612 0492        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:51:21.0629 0492        Themes - ok
16:51:21.0654 0492        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:51:21.0680 0492        THREADORDER - ok
16:51:21.0701 0492        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:51:21.0728 0492        TrkWks - ok
16:51:21.0786 0492        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:51:21.0830 0492        TrustedInstaller - ok
16:51:21.0844 0492        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:21.0867 0492        tssecsrv - ok
16:51:21.0901 0492        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:51:21.0913 0492        TsUsbFlt - ok
16:51:21.0970 0492        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:51:22.0011 0492        tunnel - ok
16:51:22.0033 0492        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:51:22.0045 0492        uagp35 - ok
16:51:22.0089 0492        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:51:22.0145 0492        udfs - ok
16:51:22.0186 0492        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:51:22.0200 0492        UI0Detect - ok
16:51:22.0234 0492        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:51:22.0246 0492        uliagpkx - ok
16:51:22.0277 0492        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:51:22.0289 0492        umbus - ok
16:51:22.0311 0492        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:51:22.0324 0492        UmPass - ok
16:51:22.0363 0492        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:51:22.0378 0492        UmRdpService - ok
16:51:22.0408 0492        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:51:22.0437 0492        upnphost - ok
16:51:22.0472 0492        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:51:22.0482 0492        USBAAPL - ok
16:51:22.0523 0492        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:22.0535 0492        usbccgp - ok
16:51:22.0571 0492        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:51:22.0586 0492        usbcir - ok
16:51:22.0602 0492        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:51:22.0614 0492        usbehci - ok
16:51:22.0647 0492        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:51:22.0662 0492        usbhub - ok
16:51:22.0672 0492        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
16:51:22.0684 0492        usbohci - ok
16:51:22.0712 0492        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:51:22.0726 0492        usbprint - ok
16:51:22.0766 0492        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:51:22.0799 0492        usbscan - ok
16:51:22.0812 0492        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:22.0824 0492        USBSTOR - ok
16:51:22.0835 0492        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:22.0847 0492        usbuhci - ok
16:51:22.0871 0492        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
16:51:22.0885 0492        usbvideo - ok
16:51:22.0907 0492        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:51:22.0932 0492        UxSms - ok
16:51:22.0979 0492        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:51:23.0009 0492        VaultSvc - ok
16:51:23.0046 0492        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:51:23.0058 0492        vdrvroot - ok
16:51:23.0116 0492        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:51:23.0161 0492        vds - ok
16:51:23.0172 0492        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:23.0186 0492        vga - ok
16:51:23.0202 0492        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:51:23.0227 0492        VgaSave - ok
16:51:23.0250 0492        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:51:23.0263 0492        vhdmp - ok
16:51:23.0292 0492        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:51:23.0304 0492        viaagp - ok
16:51:23.0323 0492        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:51:23.0335 0492        ViaC7 - ok
16:51:23.0353 0492        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:51:23.0364 0492        viaide - ok
16:51:23.0391 0492        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:51:23.0404 0492        vmbus - ok
16:51:23.0425 0492        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:51:23.0436 0492        VMBusHID - ok
16:51:23.0453 0492        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:51:23.0465 0492        volmgr - ok
16:51:23.0496 0492        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:51:23.0511 0492        volmgrx - ok
16:51:23.0539 0492        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:51:23.0554 0492        volsnap - ok
16:51:23.0595 0492        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:51:23.0608 0492        vsmraid - ok
16:51:23.0717 0492        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:51:23.0758 0492        VSS - ok
16:51:23.0773 0492        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:51:23.0787 0492        vwifibus - ok
16:51:23.0832 0492        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:51:23.0859 0492        vwififlt - ok
16:51:23.0902 0492        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:51:23.0941 0492        W32Time - ok
16:51:23.0951 0492        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:51:23.0963 0492        WacomPen - ok
16:51:24.0004 0492        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:24.0061 0492        WANARP - ok
16:51:24.0064 0492        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:51:24.0088 0492        Wanarpv6 - ok
16:51:24.0164 0492        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:51:24.0189 0492        wbengine - ok
16:51:24.0213 0492        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:51:24.0231 0492        WbioSrvc - ok
16:51:24.0277 0492        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:51:24.0328 0492        wcncsvc - ok
16:51:24.0348 0492        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:51:24.0362 0492        WcsPlugInService - ok
16:51:24.0403 0492        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:51:24.0415 0492        Wd - ok
16:51:24.0460 0492        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:51:24.0495 0492        Wdf01000 - ok
16:51:24.0507 0492        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:51:24.0524 0492        WdiServiceHost - ok
16:51:24.0526 0492        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:51:24.0543 0492        WdiSystemHost - ok
16:51:24.0586 0492        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:51:24.0605 0492        WebClient - ok
16:51:24.0630 0492        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:51:24.0659 0492        Wecsvc - ok
16:51:24.0677 0492        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:51:24.0702 0492        wercplsupport - ok
16:51:24.0727 0492        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:51:24.0754 0492        WerSvc - ok
16:51:24.0784 0492        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:51:24.0809 0492        WfpLwf - ok
16:51:24.0820 0492        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:51:24.0832 0492        WIMMount - ok
16:51:24.0837 0492        WinHttpAutoProxySvc - ok
16:51:24.0920 0492        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:51:24.0957 0492        Winmgmt - ok
16:51:25.0070 0492        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:51:25.0111 0492        WinRM - ok
16:51:25.0164 0492        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:51:25.0178 0492        WinUsb - ok
16:51:25.0239 0492        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:51:25.0263 0492        Wlansvc - ok
16:51:25.0376 0492        wlcrasvc        (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:51:25.0401 0492        wlcrasvc - ok
16:51:25.0589 0492        wlidsvc        (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:25.0633 0492        wlidsvc - ok
16:51:25.0754 0492        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:51:25.0788 0492        WmiAcpi - ok
16:51:25.0860 0492        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:51:25.0897 0492        wmiApSrv - ok
16:51:26.0025 0492        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:51:26.0057 0492        WMPNetworkSvc - ok
16:51:26.0085 0492        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:51:26.0099 0492        WPCSvc - ok
16:51:26.0128 0492        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:51:26.0144 0492        WPDBusEnum - ok
16:51:26.0171 0492        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:51:26.0195 0492        ws2ifsl - ok
16:51:26.0198 0492        WSearch - ok
16:51:26.0366 0492        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:51:26.0426 0492        wuauserv - ok
16:51:26.0542 0492        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:51:26.0577 0492        WudfPf - ok
16:51:26.0607 0492        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:26.0631 0492        WUDFRd - ok
16:51:26.0677 0492        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:51:26.0703 0492        wudfsvc - ok
16:51:26.0734 0492        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:51:26.0752 0492        WwanSvc - ok
16:51:26.0796 0492        yukonw7        (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
16:51:26.0826 0492        yukonw7 - ok
16:51:26.0867 0492        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:51:27.0173 0492        \Device\Harddisk0\DR0 - ok
16:51:27.0180 0492        Boot (0x1200)  (8bb26dcaa996da5e4ee8beda2e3f3072) \Device\Harddisk0\DR0\Partition0
16:51:27.0183 0492        \Device\Harddisk0\DR0\Partition0 - ok
16:51:27.0219 0492        Boot (0x1200)  (fd13bb7b1022e18db08e31eaa176c303) \Device\Harddisk0\DR0\Partition1
16:51:27.0221 0492        \Device\Harddisk0\DR0\Partition1 - ok
16:51:27.0246 0492        Boot (0x1200)  (6c43e54634c482c6bfc2c8b870f02a61) \Device\Harddisk0\DR0\Partition2
16:51:27.0249 0492        \Device\Harddisk0\DR0\Partition2 - ok
16:51:27.0269 0492        Boot (0x1200)  (50b5fd583633c88a0c8776cea3aaf5d8) \Device\Harddisk0\DR0\Partition3
16:51:27.0272 0492        \Device\Harddisk0\DR0\Partition3 - ok
16:51:27.0273 0492        ============================================================
16:51:27.0273 0492        Scan finished
16:51:27.0273 0492        ============================================================
16:51:27.0341 0572        Detected object count: 1
16:51:27.0342 0572        Actual detected object count: 1
16:51:32.0382 0572        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:32.0382 0572        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 24.06.2012 16:51

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ikos 24.06.2012 19:20

Hier die Log:

Combofix Logfile:
Code:

ComboFix 12-06-24.03 - *** 24.06.2012  20:04:06.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1033.18.3067.2177 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\assembly\tmp
c:\windows\Installer\{1076b8ef-fe8b-072c-6b9f-e2fc8d0b214a}\U\00000001.@
E:\install.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-24 bis 2012-06-24  ))))))))))))))))))))))))))))))
.
.
2012-06-24 18:10 . 2012-06-24 18:12        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-06-24 18:10 . 2012-06-24 18:10        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2012-06-24 18:10 . 2012-06-24 18:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-22 11:29 . 2012-06-22 11:29        --------        d-----w-        C:\_OTL
2012-06-21 11:31 . 2012-06-21 11:31        --------        d-----w-        c:\program files\VideoLAN
2012-06-19 23:57 . 2012-06-19 23:57        --------        d-----w-        c:\program files\ESET
2012-06-19 11:10 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 11:10 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 11:10 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 11:10 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 11:09 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 11:09 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 11:09 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 11:09 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 11:09 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-13 21:52 . 2012-05-15 01:05        2343936        ----a-w-        c:\windows\system32\win32k.sys
2012-06-13 21:52 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-13 21:52 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:52 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:52 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:51 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-13 21:51 . 2012-05-01 04:44        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-13 21:51 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 21:51 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 21:51 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-12 07:17 . 2012-06-12 07:17        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-06-12 07:17 . 2012-06-12 07:17        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-12 07:17 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-11 22:21 . 2012-06-11 22:21        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-11 21:26 . 2012-06-11 22:27        --------        d-----w-        c:\programdata\Elcomsoft Password Recovery
2012-06-11 19:42 . 2000-05-16 08:40        83968        ----a-w-        c:\windows\UnGins.exe
2012-06-11 18:39 . 2012-06-11 18:40        --------        d-----w-        c:\users\***\AppData\Roaming\PWC
2012-06-11 18:26 . 2012-06-11 18:26        --------        d-----w-        c:\program files\ElcomSoft
2012-06-08 10:15 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE197EA9-C40C-48F8-92FD-237F0DB0F1F3}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 22:21 . 2011-12-05 15:23        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 16:57 . 2012-06-11 20:52        859826        ----a-w-        C:\resultslast.zip
2012-05-16 21:24 . 2012-05-16 21:24        242240        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-11 06:01 . 2012-05-11 06:01        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-05-11 06:01 . 2011-05-13 20:18        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-11 22:25        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 22:25        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 22:25        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-26 21:45 . 2012-03-26 21:45        37376        ----a-w-        c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45        32768        ----a-w-        c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 13797920]
"Malwarebytes' Anti-Malware"="e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Connect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk
backup=c:\windows\pss\OpenVPN Connect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StarOffice 8.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk
backup=c:\windows\pss\StarOffice 8.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45        35736        ----a-w-        e:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54        91520        ----a-w-        e:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2012-04-10 12:23        549216        ----a-w-        c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks App Player]
2012-04-10 12:23        573792        ----a-w-        c:\program files\BlueStacks\HD-Frontend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54        3672384        ----a-w-        e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2010-06-17 19:56        370176        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 15:51        421160        ----a-w-        e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2011-04-10 08:18        1733120        ----a-w-        e:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-07-07 07:08        216064        ----a-w-        e:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-08-07 16:18        90112        ----a-w-        e:\program files\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 cpuz135;cpuz135;c:\users\***\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-16 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2012-04-10 66912]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2012-04-10 385376]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 17:21]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-16 17:21]
.
2012-06-24 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- e:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-04-25 02:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - e:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8418BF80-45C6-46B1-884E-B88612F5058E}: NameServer = 10.94.48.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4gcd6kzp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - e:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - e:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1020)
e:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-24  20:15:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-24 18:15
.
Vor Suchlauf: 11.725.127.680 bytes free
Nach Suchlauf: 11.625.844.736 bytes free
.
- - End Of File - - 00F77F21BF4E964C50E416167811617E

--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19