Trojaner-Board - Aus Sicherheitsgründen wurde ihr Windows blockiert! + Combofix!

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Aus Sicherheitsgründen wurde ihr Windows blockiert! + Combofix! (https://www.trojaner-board.de/107317-sicherheitsgruenden-wurde-windows-blockiert-combofix.html)

Aus Sicherheitsgründen wurde ihr Windows blockiert! + Combofix!

Ich hab wohl leider auch den Virus bei dem der Bildschirm schwarz-durchsichtig wird und in der Mitte die der Schriftzug (s. Titel) kommt. Unten ist dann ein Button und man kann sich "freikaufen".
LEIDER hat ein Freund von mir gerade schon Combofix aufgeführt NACHDEM ich hier gelesen hatte, das man es nie tun soll ohne vorher einen Fachmann zu fragen. Er kennt sich zwar auch ein bisschen aus, habe jetzt aber trotzdem Angst.
Nun hoffe ich, ich habe meinen PC nicht völlig zerstört. Anbei die Combofix.txt und OTLs nach der Combofix Ausführung
DANKE im Voraus!!

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hey,

vielen Dank für die ausführliche Antwort.

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.02.04
 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Schaka :: SCHAKA-PC [Administrator]
 

Schutz: Aktiviert
 

02.01.2012 20:29:04

mbam-log-2012-01-02 (20-29-04).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 318809

Laufzeit: 1 Stunde(n), 6 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bbfd7d58a35769479cc052ebf4b26a20

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-02 10:36:24

# local_time=2012-01-02 11:36:24 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1538 16774142 20 3 13236915 154091221 0 0

# compatibility_mode=5893 16776573 100 94 3773 77169322 0 0

# compatibility_mode=8192 67108863 100 0 4544 4544 0 0

# scanned=163874

# found=3

# cleaned=0

# scan_time=5673

C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir        a variant of Win32/Kryptik.YHX trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\Downloads\RegistryReviverSetup.exe        a variant of Win32/RegistryReviver application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Zitat:

C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir

Warum hast du CF ausgeführt, wann war das und wer hat dich angewiesen?
CF ist ein sehr mächtiges Tool, das niemals ohne Anweisung ausgeführt werden sollte!
hast du das Log davon noch?

Zitat:

Datenbank Version: v2012.01.02.04

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:

C:\Users\Schaka\Downloads\RegistryReviverSetup.exe
C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe

Finger weg von Registry-Cleanern und auch Finger weg von Softonic!!

a) Registry:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

b) Softonic:
Lass die Finger von dieser Seite. Da ist immer irgendein Müll wie Toolbars oder der sinnlose Softonic Downloader drin. Warum lädst du die Software nicht von der Seite des Herstellers oder notfalls bei chip.de?

Combofix:

Code:

ComboFix 11-12-30.02 - Schaka 31.12.2011   0:29.1.2 - x86 NETWORK

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2038.1390 [GMT 1:00]

ausgeführt von:: c:\users\Schaka\Downloads\ComboFix.exe

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-28 bis 2011-12-30  ))))))))))))))))))))))))))))))

.

.

2011-12-30 23:40 . 2011-12-30 23:41        --------        d-----w-        c:\users\Schaka\AppData\Local\temp

2011-12-30 23:40 . 2011-12-30 23:40        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-30 23:16 . 2011-12-30 23:16        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F4D4E4A-A663-4060-8BCC-318B5EE9BC14}\offreg.dll

2011-12-30 22:56 . 2011-12-30 22:56        --------        d-----w-        c:\program files\Common Files\Java

2011-12-30 20:56 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F4D4E4A-A663-4060-8BCC-318B5EE9BC14}\mpengine.dll

2011-12-14 14:35 . 2011-11-24 04:23        2340352        ----a-w-        c:\windows\system32\win32k.sys

2011-12-14 14:35 . 2011-11-05 04:30        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-14 14:35 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-14 14:35 . 2011-10-26 04:25        38912        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-14 14:35 . 2011-10-26 04:42        3901808        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-14 14:35 . 2011-10-26 04:42        3957104        ----a-w-        c:\windows\system32\ntkrnlpa.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-15 10:27 . 2011-05-17 12:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 04:54 . 2010-10-21 21:41        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-11-09 19:03 . 2011-04-30 14:20        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2011-05-09 10:45        288584        ----a-w-        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2011-05-09 10:45        288584        ----a-w-        c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"Malwarebytes' Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2010-12-20 963976]

"TrojanScanner"="d:\trojan remover\Trjscan.exe" [2010-07-05 1167296]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-1-12 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 126024]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 136176]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-08-01 143624]

R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]

R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]

R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112712]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 136176]

R3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2005-08-25 45568]

R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1343400]

S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-16 17:02        114688        ----a-w-        c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]

.

2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 09:12]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe

HKCU-Run-iexploer.exe - c:\users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-12-31  00:43:26

ComboFix-quarantined-files.txt  2011-12-30 23:43

.

Vor Suchlauf: 8 Verzeichnis(se), 19.158.126.592 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 19.053.461.504 Bytes frei

.

- - End Of File - - B7E5F88445760E3567EE2D6A33A8E2CA

Es gibt noch wesentlich ältere logs von malewarbytes, sollten die auch relevant sein kann ich sie gern noch posten. Das hier ist jetzt der erste, den ich bzgl. des genannten Problems gemacht habe. Danach kam nur noch der von oben.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org
 

Datenbank Version: 6412
 

Windows 6.1.7600

Internet Explorer 9.0.8112.16421
 

31.12.2011 16:42:34

mbam-log-2011-12-31 (16-42-33).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 300077

Laufzeit: 58 Minute(n), 6 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Danke nochmal für die Hilfe :)

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 04.01.2012 18:10:26 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Schaka\Downloads

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,93% Memory free

3,98 Gb Paging File | 3,00 Gb Available in Paging File | 75,32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,77 Gb Total Space | 18,97 Gb Free Space | 27,19% Space Free | Partition Type: NTFS

Drive D: | 66,27 Gb Total Space | 58,38 Gb Free Space | 88,08% Space Free | Partition Type: NTFS

 

Computer Name: SCHAKA-PC | User Name: Schaka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.31 01:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Schaka\Downloads\OTL.exe

PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.10.17 16:03:07 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.79\GoogleCrashHandler.exe

PRC - [2011.04.28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

PRC - [2011.04.28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe

PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.04.28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)

SRV - [2010.12.21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010.07.28 00:53:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009.11.17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.08.01 12:23:23 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)

DRV - [2011.04.28 12:57:47 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)

DRV - [2011.04.28 12:57:21 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)

DRV - [2011.04.28 12:57:20 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)

DRV - [2011.04.28 12:57:20 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)

DRV - [2010.01.06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)

DRV - [2009.11.17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)

DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2008.05.02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008.05.02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008.05.02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2007.08.13 14:54:22 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2005.12.22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2005.11.16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2005.08.25 16:00:00 | 000,045,568 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR33X2K.sys -- (SCR33x USB Smart Card Reader)

DRV - [2004.10.25 00:04:00 | 000,007,796 | R--- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Stc2Dfu.sys -- (STC2DFU)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.09.23 10:13:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 20:03:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 15:20:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 15:41:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.06.30 15:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schaka\AppData\Roaming\mozilla\Extensions

[2010.06.30 15:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schaka\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.01.03 22:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schaka\AppData\Roaming\mozilla\Firefox\Profiles\hwy17gvr.default\extensions

[2012.01.02 21:44:42 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Schaka\AppData\Roaming\mozilla\Firefox\Profiles\hwy17gvr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011.03.25 14:44:48 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Schaka\AppData\Roaming\mozilla\Firefox\Profiles\hwy17gvr.default\extensions\personas@christopher.beard

[2011.12.29 16:40:38 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-1.xml

[2010.07.22 12:00:06 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-2.xml

[2010.07.25 10:42:16 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-3.xml

[2010.09.20 22:32:39 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-4.xml

[2010.10.21 07:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-5.xml

[2010.10.31 11:51:28 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-6.xml

[2010.12.12 16:46:57 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-7.xml

[2011.01.12 15:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-8.xml

[2010.07.14 18:13:21 | 000,001,069 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin.xml

[2011.12.30 23:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.12.30 23:56:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\SCHAKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HWY17GVR.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI

[2011.11.09 20:03:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.10.10 17:34:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.10 17:34:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.10.10 17:34:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.10.10 17:34:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.10 17:34:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.10 17:34:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: ICQ Search (Enabled)

CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome

CHR - default_search_provider: suggest_url = 

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Schaka\AppData\Local\Google\Chrome\Application\8.0.552.224\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Schaka\AppData\Local\Google\Chrome\Application\8.0.552.224\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Schaka\AppData\Local\Google\Chrome\Application\8.0.552.224\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2011.12.31 00:41:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()

O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)

O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{836B0485-EC4E-48BB-BDF3-AEBF454356E9}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: aux - wdmaud.drv (Microsoft Corporation)

Drivers32: midi - wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - midimap.dll (Microsoft Corporation)

Drivers32: mixer - wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)

Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)

Drivers32: VIDC.MP42 - mpg4c32.dll (Microsoft Corporation)

Drivers32: VIDC.MPG4 - mpg4c32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)

Drivers32: wave - wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.02 21:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.01.02 21:46:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Schaka\Desktop\esetsmartinstaller_enu.exe

[2012.01.02 20:25:04 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Schaka\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.01 01:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover

[2012.01.01 01:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2012.01.01 01:44:27 | 000,000,000 | ---D | C] -- C:\Users\Schaka\AppData\Roaming\Simply Super Software

[2012.01.01 01:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software

[2011.12.31 00:43:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.12.31 00:43:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011.12.31 00:43:28 | 000,000,000 | ---D | C] -- C:\Users\Schaka\AppData\Local\temp

[2011.12.31 00:27:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.12.31 00:27:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.12.31 00:27:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.12.31 00:27:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.12.31 00:22:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.12.30 23:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010.03.01 01:35:12 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2010.03.01 01:35:12 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Schaka\Desktop\*.tmp files -> C:\Users\Schaka\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.04 18:14:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.04 18:08:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.04 18:04:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.04 00:45:48 | 000,015,256 | ---- | M] () -- C:\Users\Schaka\Desktop\Haushalt.ods

[2012.01.03 22:43:45 | 000,019,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.03 22:43:45 | 000,019,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.03 22:38:29 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.02 21:46:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Schaka\Desktop\esetsmartinstaller_enu.exe

[2012.01.02 20:27:09 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.02 20:25:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Schaka\Desktop\mbam-setup-1.60.0.1800.exe

[2011.12.31 17:40:15 | 000,314,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.31 00:41:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.12.24 13:32:31 | 000,684,954 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011.12.24 13:32:31 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.12.24 13:32:31 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.12.24 13:32:31 | 000,127,070 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011.12.24 13:32:31 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.12.24 13:32:31 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.12.18 23:33:38 | 000,022,062 | ---- | M] () -- C:\Users\Schaka\Desktop\6003467-mosaik-der-jungfrau-maria-in-die-kirche-der-hagia-sofia-istanbul-t-rkei.jpg

[2011.12.18 23:31:58 | 000,018,585 | ---- | M] () -- C:\Users\Schaka\Desktop\PD_Hagia_Sophia_BW_web_560.jpg

[2011.12.11 19:32:59 | 003,770,308 | ---- | M] () -- C:\Users\Schaka\Desktop\Hahn, Alois.PDF

[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.05 21:27:12 | 000,007,317 | ---- | M] () -- C:\Users\Schaka\Desktop\Neue Nachricht von Mar Rine!.eml

[2011.12.05 21:24:19 | 000,187,929 | ---- | M] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll1.jpg

[2011.12.05 21:24:19 | 000,164,551 | ---- | M] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll2.jpg

[2011.12.05 21:21:31 | 000,491,356 | ---- | M] () -- C:\Users\Schaka\Desktop\Flözstr. 6, Wohnungs-Übernahmeprotokoll.eml

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Schaka\Desktop\*.tmp files -> C:\Users\Schaka\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.02 20:27:09 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.01 01:44:28 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll

[2012.01.01 01:44:28 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll

[2012.01.01 01:44:28 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll

[2012.01.01 01:44:28 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll

[2011.12.31 00:27:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.12.31 00:27:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.12.31 00:27:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.12.31 00:27:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.12.31 00:27:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.12.18 23:33:38 | 000,022,062 | ---- | C] () -- C:\Users\Schaka\Desktop\6003467-mosaik-der-jungfrau-maria-in-die-kirche-der-hagia-sofia-istanbul-t-rkei.jpg

[2011.12.18 23:31:58 | 000,018,585 | ---- | C] () -- C:\Users\Schaka\Desktop\PD_Hagia_Sophia_BW_web_560.jpg

[2011.12.13 22:57:42 | 003,770,308 | ---- | C] () -- C:\Users\Schaka\Desktop\Hahn, Alois.PDF

[2011.12.10 22:20:30 | 001,206,473 | ---- | C] () -- C:\Users\Schaka\Desktop\BILD0282.JPG

[2011.12.05 21:27:12 | 000,007,317 | ---- | C] () -- C:\Users\Schaka\Desktop\Neue Nachricht von Mar Rine!.eml

[2011.12.05 21:24:18 | 000,164,551 | ---- | C] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll2.jpg

[2011.12.05 21:24:16 | 000,187,929 | ---- | C] () -- C:\Users\Schaka\Desktop\Whng.Überg.Protokoll1.jpg

[2011.12.05 21:21:30 | 000,491,356 | ---- | C] () -- C:\Users\Schaka\Desktop\Flözstr. 6, Wohnungs-Übernahmeprotokoll.eml

[2011.06.26 17:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Schaka\AppData\Local\{E3C6840F-6AA1-4EBD-9015-702D46845B43}

[2011.04.21 15:54:47 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat

[2011.04.21 13:47:43 | 000,000,176 | ---- | C] () -- C:\ProgramData\~32562952

[2011.04.21 13:47:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~32562952r

[2011.04.21 13:47:34 | 000,000,336 | ---- | C] () -- C:\ProgramData\32562952

[2011.01.12 16:21:46 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.01.12 16:21:45 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini

[2011.01.12 16:21:41 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI

[2010.06.13 13:21:41 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2010.06.13 13:21:41 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2010.06.13 13:21:41 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2010.03.01 01:35:17 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2010.03.01 01:35:17 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2010.03.01 01:35:13 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys

[2010.03.01 01:35:12 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys

[2010.03.01 01:35:12 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini

[2010.03.01 01:35:12 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini

[2009.12.11 22:35:27 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

[2009.11.06 17:56:22 | 000,000,454 | ---- | C] () -- C:\Windows\HBCIKRNL.INI

[2009.11.01 21:29:55 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009.11.01 21:25:52 | 000,684,954 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2009.11.01 21:25:52 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2009.11.01 21:25:52 | 000,127,070 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2009.11.01 21:25:52 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2009.09.23 18:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin

[2009.07.14 09:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 09:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 000,314,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll

[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

 
 ========== LOP Check ==========

 

[2011.12.19 20:52:31 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\foobar2000

[2011.01.12 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Foxit Software

[2012.01.02 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\ICQ

[2009.11.01 21:44:09 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\IrfanView

[2009.11.14 22:08:28 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\OpenOffice.org

[2011.04.21 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Panda Security

[2011.04.21 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Reviversoft

[2012.01.01 01:44:27 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Simply Super Software

[2010.06.30 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Thunderbird

[2011.09.17 09:29:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2009.11.07 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Adobe

[2011.12.06 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\dvdcss

[2011.12.19 20:52:31 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\foobar2000

[2011.01.12 16:24:52 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Foxit Software

[2012.01.02 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\ICQ

[2009.11.01 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Identities

[2010.03.01 01:34:44 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\InstallShield

[2009.11.01 21:44:09 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\IrfanView

[2009.11.01 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Macromedia

[2011.04.21 16:26:28 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Malwarebytes

[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Media Center Programs

[2011.04.21 15:39:12 | 000,000,000 | --SD | M] -- C:\Users\Schaka\AppData\Roaming\Microsoft

[2011.01.12 16:18:11 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Microsoft Web Folders

[2011.01.12 16:20:07 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\MiKTeX

[2009.11.01 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Mozilla

[2009.11.14 22:08:28 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\OpenOffice.org

[2011.04.21 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Panda Security

[2011.04.21 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Reviversoft

[2012.01.01 01:44:27 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Simply Super Software

[2011.12.30 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Skype

[2011.12.30 22:07:07 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\skypePM

[2010.06.30 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\Thunderbird

[2011.12.06 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\vlc

[2009.11.06 17:55:20 | 000,000,000 | ---D | M] -- C:\Users\Schaka\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2009.11.12 09:14:39 | 000,003,638 | R--- | M] () -- C:\Users\Schaka\AppData\Roaming\Microsoft\Installer\{E06F91DB-9DA5-41F9-9941-6B0802236A44}\_2cd672ae.exe

[2009.11.12 09:14:39 | 000,003,638 | R--- | M] () -- C:\Users\Schaka\AppData\Roaming\Microsoft\Installer\{E06F91DB-9DA5-41F9-9941-6B0802236A44}\_4ae13d6c.exe

[2010.10.02 20:06:49 | 001,288,704 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe

[2010.10.02 20:06:49 | 001,288,704 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update.exe

[2010.10.02 20:06:51 | 001,288,704 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 869 bytes -> C:\Users\Schaka\Desktop\Neue Nachricht von Mar Rine!.eml:OECustomProperty

@Alternate Data Stream - 1333 bytes -> C:\Users\Schaka\Desktop\Flözstr. 6, Wohnungs-Übernahmeprotokoll.eml:OECustomProperty

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB0AACC9
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

[2011.12.29 16:40:38 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-1.xml

[2010.07.22 12:00:06 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-2.xml

[2010.07.25 10:42:16 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-3.xml

[2010.09.20 22:32:39 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-4.xml

[2010.10.21 07:38:00 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-5.xml

[2010.10.31 11:51:28 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-6.xml

[2010.12.12 16:46:57 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-7.xml

[2011.01.12 15:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-8.xml

[2010.07.14 18:13:21 | 000,001,069 | ---- | M] () -- C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin.xml

CHR - default_search_provider: ICQ Search (Enabled)

CHR - default_search_provider: search_url = http://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome

[2011.04.21 13:47:43 | 000,000,176 | ---- | C] () -- C:\ProgramData\~32562952

[2011.04.21 13:47:43 | 000,000,120 | ---- | C] () -- C:\ProgramData\~32562952r

[2011.04.21 13:47:34 | 000,000,336 | ---- | C] () -- C:\ProgramData\32562952

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-2.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-3.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-4.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-5.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-6.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-7.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin-8.xml moved successfully.

C:\Users\Schaka\AppData\Roaming\Mozilla\Firefox\Profiles\hwy17gvr.default\searchplugins\icqplugin.xml moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

C:\ProgramData\~32562952 moved successfully.

C:\ProgramData\~32562952r moved successfully.

C:\ProgramData\32562952 moved successfully.

ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Schaka

->Temp folder emptied: 4681146 bytes

->Temporary Internet Files folder emptied: 22459987 bytes

->Java cache emptied: 1686081 bytes

->FireFox cache emptied: 221401322 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 39641 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1533469 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 900722 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 241,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01072012_151253
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Isses jetzt weg? :S
DICKES DANKE!!!

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

16:32:36.0576 2868        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

16:32:36.0719 2868        ============================================================

16:32:36.0719 2868        Current date / time: 2012/01/07 16:32:36.0719

16:32:36.0719 2868        SystemInfo:

16:32:36.0719 2868        

16:32:36.0719 2868        OS Version: 6.1.7600 ServicePack: 0.0

16:32:36.0719 2868        Product type: Workstation

16:32:36.0719 2868        ComputerName: SCHAKA-PC

16:32:36.0719 2868        UserName: Schaka

16:32:36.0719 2868        Windows directory: C:\Windows

16:32:36.0719 2868        System windows directory: C:\Windows

16:32:36.0719 2868        Processor architecture: Intel x86

16:32:36.0719 2868        Number of processors: 2

16:32:36.0719 2868        Page size: 0x1000

16:32:36.0719 2868        Boot type: Normal boot

16:32:36.0719 2868        ============================================================

16:32:38.0305 2868        Initialize success

16:34:33.0521 3856        ============================================================

16:34:33.0521 3856        Scan started

16:34:33.0521 3856        Mode: Manual; SigCheck; TDLFS; 

16:34:33.0521 3856        ============================================================

16:34:34.0969 3856        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

16:34:35.0144 3856        1394ohci - ok

16:34:35.0201 3856        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

16:34:35.0233 3856        ACPI - ok

16:34:35.0276 3856        AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

16:34:35.0369 3856        AcpiPmi - ok

16:34:35.0428 3856        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

16:34:35.0465 3856        adp94xx - ok

16:34:35.0500 3856        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

16:34:35.0534 3856        adpahci - ok

16:34:35.0575 3856        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

16:34:35.0601 3856        adpu320 - ok

16:34:35.0690 3856        AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

16:34:35.0770 3856        AFD - ok

16:34:35.0814 3856        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

16:34:35.0836 3856        agp440 - ok

16:34:35.0881 3856        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

16:34:35.0903 3856        aic78xx - ok

16:34:35.0961 3856        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

16:34:35.0982 3856        aliide - ok

16:34:36.0015 3856        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

16:34:36.0037 3856        amdagp - ok

16:34:36.0063 3856        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

16:34:36.0083 3856        amdide - ok

16:34:36.0127 3856        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

16:34:36.0174 3856        AmdK8 - ok

16:34:36.0209 3856        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

16:34:36.0270 3856        AmdPPM - ok

16:34:36.0335 3856        amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

16:34:36.0359 3856        amdsata - ok

16:34:36.0526 3856        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

16:34:36.0553 3856        amdsbs - ok

16:34:36.0585 3856        amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

16:34:36.0606 3856        amdxata - ok

16:34:36.0646 3856        AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

16:34:36.0743 3856        AppID - ok

16:34:36.0815 3856        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

16:34:36.0838 3856        arc - ok

16:34:36.0860 3856        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

16:34:36.0884 3856        arcsas - ok

16:34:36.0929 3856        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

16:34:37.0079 3856        AsyncMac - ok

16:34:37.0102 3856        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

16:34:37.0122 3856        atapi - ok

16:34:37.0217 3856        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

16:34:37.0283 3856        b06bdrv - ok

16:34:37.0325 3856        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

16:34:37.0386 3856        b57nd60x - ok

16:34:37.0436 3856        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

16:34:37.0501 3856        Beep - ok

16:34:37.0550 3856        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

16:34:37.0586 3856        blbdrive - ok

16:34:37.0627 3856        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

16:34:37.0676 3856        bowser - ok

16:34:37.0701 3856        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:34:37.0743 3856        BrFiltLo - ok

16:34:37.0774 3856        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:34:37.0843 3856        BrFiltUp - ok

16:34:37.0897 3856        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

16:34:37.0974 3856        Brserid - ok

16:34:38.0010 3856        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

16:34:38.0053 3856        BrSerWdm - ok

16:34:38.0085 3856        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:34:38.0136 3856        BrUsbMdm - ok

16:34:38.0150 3856        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

16:34:38.0192 3856        BrUsbSer - ok

16:34:38.0221 3856        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

16:34:38.0267 3856        BTHMODEM - ok

16:34:38.0441 3856        catchme - ok

16:34:38.0563 3856        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

16:34:38.0640 3856        cdfs - ok

16:34:38.0714 3856        cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

16:34:38.0756 3856        cdrom - ok

16:34:38.0816 3856        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

16:34:38.0864 3856        circlass - ok

16:34:38.0903 3856        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

16:34:38.0933 3856        CLFS - ok

16:34:38.0973 3856        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

16:34:39.0012 3856        CmBatt - ok

16:34:39.0038 3856        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

16:34:39.0058 3856        cmdide - ok

16:34:39.0098 3856        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

16:34:39.0142 3856        CNG - ok

16:34:39.0186 3856        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

16:34:39.0207 3856        Compbatt - ok

16:34:39.0245 3856        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

16:34:39.0292 3856        CompositeBus - ok

16:34:39.0342 3856        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

16:34:39.0363 3856        crcdisk - ok

16:34:39.0419 3856        CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

16:34:39.0481 3856        CSC - ok

16:34:39.0537 3856        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

16:34:39.0591 3856        CVirtA - ok

16:34:39.0689 3856        CVPNDRVA        (c23025ac5ae45a105d63bd6e2408edd4) C:\Windows\system32\Drivers\CVPNDRVA.sys

16:34:39.0720 3856        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

16:34:39.0720 3856        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

16:34:39.0782 3856        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

16:34:39.0855 3856        DfsC - ok

16:34:39.0893 3856        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

16:34:39.0967 3856        discache - ok

16:34:40.0015 3856        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

16:34:40.0037 3856        Disk - ok

16:34:40.0097 3856        DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys

16:34:40.0118 3856        DNE - ok

16:34:40.0175 3856        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

16:34:40.0226 3856        drmkaud - ok

16:34:40.0295 3856        DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

16:34:40.0359 3856        DXGKrnl - ok

16:34:40.0405 3856        E1G60           (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

16:34:40.0447 3856        E1G60 - ok

16:34:40.0605 3856        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

16:34:40.0787 3856        ebdrv - ok

16:34:40.0839 3856        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

16:34:40.0878 3856        elxstor - ok

16:34:40.0910 3856        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

16:34:40.0948 3856        ErrDev - ok

16:34:40.0993 3856        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

16:34:41.0057 3856        exfat - ok

16:34:41.0080 3856        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

16:34:41.0149 3856        fastfat - ok

16:34:41.0184 3856        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

16:34:41.0220 3856        fdc - ok

16:34:41.0261 3856        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

16:34:41.0283 3856        FileInfo - ok

16:34:41.0306 3856        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

16:34:41.0390 3856        Filetrace - ok

16:34:41.0429 3856        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

16:34:41.0464 3856        flpydisk - ok

16:34:41.0500 3856        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

16:34:41.0529 3856        FltMgr - ok

16:34:41.0559 3856        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

16:34:41.0581 3856        FsDepends - ok

16:34:41.0605 3856        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

16:34:41.0626 3856        Fs_Rec - ok

16:34:41.0682 3856        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

16:34:41.0714 3856        fvevol - ok

16:34:41.0744 3856        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:34:41.0767 3856        gagp30kx - ok

16:34:41.0859 3856        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

16:34:41.0919 3856        hcw85cir - ok

16:34:41.0985 3856        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

16:34:42.0042 3856        HdAudAddService - ok

16:34:42.0083 3856        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:34:42.0131 3856        HDAudBus - ok

16:34:42.0166 3856        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

16:34:42.0206 3856        HidBatt - ok

16:34:42.0239 3856        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

16:34:42.0282 3856        HidBth - ok

16:34:42.0321 3856        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

16:34:42.0368 3856        HidIr - ok

16:34:42.0419 3856        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

16:34:42.0497 3856        HidUsb - ok

16:34:42.0541 3856        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

16:34:42.0564 3856        HpSAMD - ok

16:34:42.0622 3856        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

16:34:42.0708 3856        HTTP - ok

16:34:42.0733 3856        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

16:34:42.0754 3856        hwpolicy - ok

16:34:42.0784 3856        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

16:34:42.0812 3856        i8042prt - ok

16:34:42.0884 3856        iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

16:34:42.0917 3856        iaStorV - ok

16:34:43.0148 3856        igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

16:34:43.0427 3856        igfx - ok

16:34:43.0518 3856        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

16:34:43.0539 3856        iirsp - ok

16:34:43.0586 3856        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

16:34:43.0616 3856        intelide - ok

16:34:43.0665 3856        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

16:34:43.0717 3856        intelppm - ok

16:34:43.0752 3856        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:34:43.0836 3856        IpFilterDriver - ok

16:34:43.0890 3856        IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

16:34:43.0925 3856        IPMIDRV - ok

16:34:43.0950 3856        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

16:34:44.0011 3856        IPNAT - ok

16:34:44.0048 3856        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

16:34:44.0114 3856        IRENUM - ok

16:34:44.0145 3856        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

16:34:44.0167 3856        isapnp - ok

16:34:44.0219 3856        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

16:34:44.0271 3856        iScsiPrt - ok

16:34:44.0310 3856        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

16:34:44.0332 3856        kbdclass - ok

16:34:44.0376 3856        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

16:34:44.0419 3856        kbdhid - ok

16:34:44.0449 3856        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

16:34:44.0472 3856        KSecDD - ok

16:34:44.0526 3856        KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

16:34:44.0552 3856        KSecPkg - ok

16:34:44.0607 3856        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

16:34:44.0665 3856        lltdio - ok

16:34:44.0717 3856        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:34:44.0742 3856        LSI_FC - ok

16:34:44.0774 3856        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:34:44.0800 3856        LSI_SAS - ok

16:34:44.0835 3856        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:34:44.0858 3856        LSI_SAS2 - ok

16:34:44.0884 3856        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:34:44.0908 3856        LSI_SCSI - ok

16:34:44.0961 3856        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

16:34:45.0032 3856        luafv - ok

16:34:45.0087 3856        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

16:34:45.0174 3856        MBAMProtector - ok

16:34:45.0206 3856        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

16:34:45.0228 3856        megasas - ok

16:34:45.0276 3856        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

16:34:45.0310 3856        MegaSR - ok

16:34:45.0341 3856        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

16:34:45.0395 3856        Modem - ok

16:34:45.0433 3856        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

16:34:45.0476 3856        monitor - ok

16:34:45.0521 3856        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

16:34:45.0542 3856        mouclass - ok

16:34:45.0568 3856        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

16:34:45.0593 3856        mouhid - ok

16:34:45.0618 3856        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

16:34:45.0640 3856        mountmgr - ok

16:34:45.0674 3856        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

16:34:45.0699 3856        mpio - ok

16:34:45.0724 3856        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

16:34:45.0896 3856        mpsdrv - ok

16:34:45.0931 3856        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

16:34:46.0000 3856        MRxDAV - ok

16:34:46.0052 3856        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:34:46.0122 3856        mrxsmb - ok

16:34:46.0174 3856        mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:34:46.0216 3856        mrxsmb10 - ok

16:34:46.0251 3856        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:34:46.0278 3856        mrxsmb20 - ok

16:34:46.0321 3856        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

16:34:46.0342 3856        msahci - ok

16:34:46.0379 3856        msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

16:34:46.0404 3856        msdsm - ok

16:34:46.0438 3856        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

16:34:46.0493 3856        Msfs - ok

16:34:46.0513 3856        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

16:34:46.0595 3856        mshidkmdf - ok

16:34:46.0701 3856        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

16:34:46.0722 3856        msisadrv - ok

16:34:46.0774 3856        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

16:34:46.0837 3856        MSKSSRV - ok

16:34:46.0862 3856        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

16:34:46.0930 3856        MSPCLOCK - ok

16:34:46.0955 3856        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

16:34:47.0027 3856        MSPQM - ok

16:34:47.0070 3856        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

16:34:47.0096 3856        MsRPC - ok

16:34:47.0128 3856        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

16:34:47.0148 3856        mssmbios - ok

16:34:47.0180 3856        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

16:34:47.0241 3856        MSTEE - ok

16:34:47.0273 3856        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

16:34:47.0308 3856        MTConfig - ok

16:34:47.0340 3856        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

16:34:47.0362 3856        Mup - ok

16:34:47.0415 3856        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

16:34:47.0468 3856        NativeWifiP - ok

16:34:47.0539 3856        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

16:34:47.0608 3856        NDIS - ok

16:34:47.0653 3856        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

16:34:47.0749 3856        NdisCap - ok

16:34:47.0804 3856        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

16:34:47.0865 3856        NdisTapi - ok

16:34:47.0898 3856        Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

16:34:47.0952 3856        Ndisuio - ok

16:34:47.0980 3856        NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

16:34:48.0061 3856        NdisWan - ok

16:34:48.0096 3856        NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

16:34:48.0151 3856        NDProxy - ok

16:34:48.0194 3856        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

16:34:48.0266 3856        NetBIOS - ok

16:34:48.0300 3856        NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

16:34:48.0365 3856        NetBT - ok

16:34:48.0567 3856        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

16:34:48.0810 3856        netw5v32 - ok

16:34:48.0872 3856        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

16:34:48.0894 3856        nfrd960 - ok

16:34:48.0978 3856        nmwcd           (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys

16:34:49.0048 3856        nmwcd - ok

16:34:49.0099 3856        nmwcdc          (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys

16:34:49.0153 3856        nmwcdc - ok

16:34:49.0200 3856        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

16:34:49.0267 3856        Npfs - ok

16:34:49.0292 3856        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

16:34:49.0357 3856        nsiproxy - ok

16:34:49.0451 3856        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

16:34:49.0539 3856        Ntfs - ok

16:34:49.0563 3856        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

16:34:49.0648 3856        Null - ok

16:34:49.0701 3856        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

16:34:49.0725 3856        nvraid - ok

16:34:49.0784 3856        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

16:34:49.0810 3856        nvstor - ok

16:34:49.0848 3856        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

16:34:49.0874 3856        nv_agp - ok

16:34:49.0901 3856        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

16:34:49.0940 3856        ohci1394 - ok

16:34:49.0979 3856        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

16:34:50.0018 3856        Parport - ok

16:34:50.0051 3856        partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

16:34:50.0080 3856        partmgr - ok

16:34:50.0101 3856        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

16:34:50.0148 3856        Parvdm - ok

16:34:50.0182 3856        pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

16:34:50.0208 3856        pci - ok

16:34:50.0239 3856        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

16:34:50.0260 3856        pciide - ok

16:34:50.0297 3856        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

16:34:50.0324 3856        pcmcia - ok

16:34:50.0361 3856        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

16:34:50.0384 3856        pcw - ok

16:34:50.0423 3856        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

16:34:50.0497 3856        PEAUTH - ok

16:34:50.0553 3856        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

16:34:50.0628 3856        PptpMiniport - ok

16:34:50.0655 3856        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

16:34:50.0700 3856        Processor - ok

16:34:50.0759 3856        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

16:34:50.0829 3856        Psched - ok

16:34:50.0916 3856        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

16:34:51.0021 3856        ql2300 - ok

16:34:51.0050 3856        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

16:34:51.0083 3856        ql40xx - ok

16:34:51.0120 3856        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

16:34:51.0155 3856        QWAVEdrv - ok

16:34:51.0187 3856        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

16:34:51.0264 3856        RasAcd - ok

16:34:51.0390 3856        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:34:51.0446 3856        RasAgileVpn - ok

16:34:51.0490 3856        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:34:51.0583 3856        Rasl2tp - ok

16:34:51.0634 3856        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

16:34:51.0710 3856        RasPppoe - ok

16:34:51.0741 3856        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

16:34:51.0804 3856        RasSstp - ok

16:34:51.0833 3856        rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

16:34:51.0917 3856        rdbss - ok

16:34:51.0948 3856        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

16:34:51.0977 3856        rdpbus - ok

16:34:52.0005 3856        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:34:52.0071 3856        RDPCDD - ok

16:34:52.0099 3856        RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

16:34:52.0158 3856        RDPDR - ok

16:34:52.0202 3856        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

16:34:52.0260 3856        RDPENCDD - ok

16:34:52.0285 3856        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

16:34:52.0349 3856        RDPREFMP - ok

16:34:52.0390 3856        RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

16:34:52.0450 3856        RDPWD - ok

16:34:52.0501 3856        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

16:34:52.0528 3856        rdyboost - ok

16:34:52.0585 3856        rimmptsk        (7a6648b61661b1421ffab762e391e33f) C:\Windows\system32\DRIVERS\rimmptsk.sys

16:34:52.0629 3856        rimmptsk - ok

16:34:52.0661 3856        rimsptsk        (d0a35b7670aa3558eaab483f64446496) C:\Windows\system32\DRIVERS\rimsptsk.sys

16:34:52.0700 3856        rimsptsk - ok

16:34:52.0737 3856        rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

16:34:52.0778 3856        rismxdp - ok

16:34:52.0848 3856        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

16:34:52.0915 3856        rspndr - ok

16:34:52.0945 3856        s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

16:34:52.0998 3856        s3cap - ok

16:34:53.0054 3856        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

16:34:53.0078 3856        sbp2port - ok

16:34:53.0117 3856        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

16:34:53.0187 3856        scfilter - ok

16:34:53.0268 3856        SCR33x USB Smart Card Reader (b0d9345b70c12e80738d72ce794bf616) C:\Windows\system32\DRIVERS\SCR33X2K.sys

16:34:53.0278 3856        SCR33x USB Smart Card Reader ( UnsignedFile.Multi.Generic ) - warning

16:34:53.0278 3856        SCR33x USB Smart Card Reader - detected UnsignedFile.Multi.Generic (1)

16:34:53.0318 3856        SCR3XX2K        (b590c6b740a85130e88d35d007691eb4) C:\Windows\system32\DRIVERS\SCR3XX2K.sys

16:34:53.0374 3856        SCR3XX2K - ok

16:34:53.0438 3856        sdbus           (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys

16:34:53.0489 3856        sdbus - ok

16:34:53.0546 3856        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:34:53.0616 3856        secdrv - ok

16:34:53.0675 3856        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

16:34:53.0721 3856        Serenum - ok

16:34:53.0779 3856        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

16:34:53.0809 3856        Serial - ok

16:34:53.0836 3856        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

16:34:53.0886 3856        sermouse - ok

16:34:53.0938 3856        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

16:34:53.0981 3856        sffdisk - ok

16:34:54.0012 3856        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

16:34:54.0048 3856        sffp_mmc - ok

16:34:54.0083 3856        sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

16:34:54.0125 3856        sffp_sd - ok

16:34:54.0165 3856        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

16:34:54.0207 3856        sfloppy - ok

16:34:54.0263 3856        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

16:34:54.0285 3856        sisagp - ok

16:34:54.0342 3856        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:34:54.0364 3856        SiSRaid2 - ok

16:34:54.0395 3856        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

16:34:54.0419 3856        SiSRaid4 - ok

16:34:54.0448 3856        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

16:34:54.0520 3856        Smb - ok

16:34:54.0654 3856        SNP2UVC         (d79fe8ff4c1a11cd650a8bbeac62be9f) C:\Windows\system32\DRIVERS\snp2uvc.sys

16:34:54.0793 3856        SNP2UVC - ok

16:34:54.0826 3856        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

16:34:54.0847 3856        spldr - ok

16:34:54.0932 3856        srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

16:34:55.0006 3856        srv - ok

16:34:55.0070 3856        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

16:34:55.0137 3856        srv2 - ok

16:34:55.0192 3856        SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

16:34:55.0238 3856        SrvHsfHDA - ok

16:34:55.0297 3856        SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

16:34:55.0378 3856        SrvHsfV92 - ok

16:34:55.0422 3856        SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

16:34:55.0480 3856        SrvHsfWinac - ok

16:34:55.0524 3856        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

16:34:55.0563 3856        srvnet - ok

16:34:55.0648 3856        STC2DFU         (594898b175b8b7d2897a71227d4bbda1) C:\Windows\system32\DRIVERS\Stc2Dfu.SYS

16:34:55.0655 3856        STC2DFU ( UnsignedFile.Multi.Generic ) - warning

16:34:55.0655 3856        STC2DFU - detected UnsignedFile.Multi.Generic (1)

16:34:55.0696 3856        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

16:34:55.0718 3856        stexstor - ok

16:34:55.0765 3856        storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

16:34:55.0787 3856        storflt - ok

16:34:55.0823 3856        storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

16:34:55.0844 3856        storvsc - ok

16:34:55.0873 3856        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

16:34:55.0894 3856        swenum - ok

16:34:55.0988 3856        Tcpip           (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

16:34:56.0081 3856        Tcpip - ok

16:34:56.0156 3856        TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

16:34:56.0216 3856        TCPIP6 - ok

16:34:56.0249 3856        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

16:34:56.0319 3856        tcpipreg - ok

16:34:56.0350 3856        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

16:34:56.0417 3856        TDPIPE - ok

16:34:56.0443 3856        TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

16:34:56.0512 3856        TDTCP - ok

16:34:56.0543 3856        tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

16:34:56.0613 3856        tdx - ok

16:34:56.0646 3856        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

16:34:56.0668 3856        TermDD - ok

16:34:56.0730 3856        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:34:56.0797 3856        tssecsrv - ok

16:34:56.0861 3856        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

16:34:56.0933 3856        tunnel - ok

16:34:56.0967 3856        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

16:34:56.0989 3856        uagp35 - ok

16:34:57.0024 3856        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

16:34:57.0085 3856        udfs - ok

16:34:57.0130 3856        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

16:34:57.0153 3856        uliagpkx - ok

16:34:57.0198 3856        umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

16:34:57.0250 3856        umbus - ok

16:34:57.0274 3856        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

16:34:57.0322 3856        UmPass - ok

16:34:57.0394 3856        upperdev        (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

16:34:57.0472 3856        upperdev - ok

16:34:57.0520 3856        usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

16:34:57.0578 3856        usbccgp - ok

16:34:57.0647 3856        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

16:34:57.0678 3856        usbcir - ok

16:34:57.0717 3856        usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

16:34:57.0741 3856        usbehci - ok

16:34:57.0783 3856        usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

16:34:57.0814 3856        usbhub - ok

16:34:57.0841 3856        usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

16:34:57.0882 3856        usbohci - ok

16:34:57.0936 3856        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

16:34:57.0983 3856        usbprint - ok

16:34:58.0022 3856        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

16:34:58.0076 3856        usbscan - ok

16:34:58.0150 3856        usbser          (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys

16:34:58.0190 3856        usbser - ok

16:34:58.0226 3856        UsbserFilt      (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

16:34:58.0284 3856        UsbserFilt - ok

16:34:58.0332 3856        USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS

16:34:58.0385 3856        USBSTOR - ok

16:34:58.0412 3856        usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

16:34:58.0454 3856        usbuhci - ok

16:34:58.0523 3856        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

16:34:58.0587 3856        usbvideo - ok

16:34:58.0641 3856        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

16:34:58.0662 3856        vdrvroot - ok

16:34:58.0700 3856        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

16:34:58.0751 3856        vga - ok

16:34:58.0783 3856        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

16:34:58.0837 3856        VgaSave - ok

16:34:58.0874 3856        vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

16:34:58.0900 3856        vhdmp - ok

16:34:58.0943 3856        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

16:34:58.0965 3856        viaagp - ok

16:34:58.0982 3856        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

16:34:59.0024 3856        ViaC7 - ok

16:34:59.0058 3856        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

16:34:59.0078 3856        viaide - ok

16:34:59.0109 3856        vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

16:34:59.0136 3856        vmbus - ok

16:34:59.0161 3856        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

16:34:59.0185 3856        VMBusHID - ok

16:34:59.0221 3856        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

16:34:59.0244 3856        volmgr - ok

16:34:59.0272 3856        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

16:34:59.0303 3856        volmgrx - ok

16:34:59.0340 3856        volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

16:34:59.0370 3856        volsnap - ok

16:34:59.0479 3856        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

16:34:59.0504 3856        vsmraid - ok

16:34:59.0535 3856        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

16:34:59.0582 3856        vwifibus - ok

16:34:59.0615 3856        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

16:34:59.0640 3856        WacomPen - ok

16:34:59.0693 3856        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

16:34:59.0762 3856        WANARP - ok

16:34:59.0769 3856        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

16:34:59.0823 3856        Wanarpv6 - ok

16:34:59.0879 3856        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

16:34:59.0899 3856        Wd - ok

16:34:59.0939 3856        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

16:34:59.0983 3856        Wdf01000 - ok

16:35:00.0042 3856        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

16:35:00.0112 3856        WfpLwf - ok

16:35:00.0143 3856        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

16:35:00.0164 3856        WIMMount - ok

16:35:00.0229 3856        winbondcir      (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys

16:35:00.0292 3856        winbondcir - ok

16:35:00.0384 3856        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys

16:35:00.0413 3856        WinUsb - ok

16:35:00.0436 3856        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

16:35:00.0477 3856        WmiAcpi - ok

16:35:00.0539 3856        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

16:35:00.0603 3856        ws2ifsl - ok

16:35:00.0640 3856        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

16:35:00.0712 3856        WudfPf - ok

16:35:00.0754 3856        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:35:00.0826 3856        WUDFRd - ok

16:35:00.0883 3856        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:35:01.0063 3856        \Device\Harddisk0\DR0 - ok

16:35:01.0065 3856        Boot (0x1200)   (71b98b2431301845f5704a4e2724ac3f) \Device\Harddisk0\DR0\Partition0

16:35:01.0067 3856        \Device\Harddisk0\DR0\Partition0 - ok

16:35:01.0086 3856        Boot (0x1200)   (d909d782afcce2c00f08dd4198967ffa) \Device\Harddisk0\DR0\Partition1

16:35:01.0088 3856        \Device\Harddisk0\DR0\Partition1 - ok

16:35:01.0089 3856        ============================================================

16:35:01.0089 3856        Scan finished

16:35:01.0089 3856        ============================================================

16:35:01.0116 3624        Detected object count: 3

16:35:01.0116 3624        Actual detected object count: 3

16:35:07.0587 3624        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

16:35:07.0587 3624        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:35:07.0587 3624        SCR33x USB Smart Card Reader ( UnsignedFile.Multi.Generic ) - skipped by user

16:35:07.0587 3624        SCR33x USB Smart Card Reader ( UnsignedFile.Multi.Generic ) - User select action: Skip 

16:35:07.0588 3624        STC2DFU ( UnsignedFile.Multi.Generic ) - skipped by user

16:35:07.0588 3624        STC2DFU ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER hat leider nicht funktioniert

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 02:29:34 on 10.01.2012
 

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\Users\Schaka\AppData\Local\Temp\catchme.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"SCR33x USB Smart Card Reader" (SCR33x USB Smart Card Reader) - "SCM Microsystems Inc." - C:\Windows\System32\DRIVERS\SCR33X2K.sys

"STCII DFU Adapter" (STC2DFU) - "SCM Microsystems Inc." - C:\Windows\System32\DRIVERS\Stc2Dfu.SYS

"uwdiqpow" (uwdiqpow) - "GMER" - C:\uwdiqpow.sys  (Hidden registry entry, rootkit activity)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{C080DC3F-9095-4E4B-95E6-D67D077130E8} "IconsHandlerNano Class" - ? - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL  (File not found)

{59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office\1031\UNBIND.DLL

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{80AEF606-7FFA-4EF6-86C4-0B86FEF4E0CD} "SimpleShlExt extension" - ? -   (File not found | COM-object registry key not found)

{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)

"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"PLFSetI" - ? - C:\Windows\PLFSetI.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"TrojanScanner" - "Simply Super Software" - C:\Program Files\Trojan Remover\Trjscan.exe /boot
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Malwarebytes' Anti-Malware\mbamservice.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-10 02:32:16

-----------------------------

02:32:16.288    OS Version: Windows 6.1.7600 

02:32:16.289    Number of processors: 2 586 0xF0D

02:32:16.294    ComputerName: SCHAKA-PC  UserName: Schaka

02:32:17.219    Initialize success

02:35:10.804    AVAST engine defs: 12010901

02:35:37.070    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

02:35:37.075    Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 11

02:35:37.122    Disk 0 MBR read successfully

02:35:37.127    Disk 0 MBR scan

02:35:37.152    Disk 0 Windows 7 default MBR code

02:35:37.159    Disk 0 Partition 1 00     12  Compaq diag NTFS         9993 MB offset 63

02:35:37.196    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        71448 MB offset 20467712

02:35:37.224    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        67865 MB offset 166793216

02:35:37.256    Disk 0 Partition 4 00     12  Compaq diag NTFS         3319 MB offset 305780736

02:35:37.271    Disk 0 scanning sectors +312578048

02:35:37.324    Disk 0 scanning C:\Windows\system32\drivers

02:35:49.674    Service scanning

02:35:51.453    Modules scanning

02:36:03.567    Disk 0 trace - called modules:

02:36:03.604    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 

02:36:03.617    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a48030]

02:36:03.629    3 CLASSPNP.SYS[88d8c59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85925030]

02:36:04.545    AVAST engine scan C:\Windows

02:36:06.424    File: C:\Windows\PEV.exe  **INFECTED** Win32:Rootkit-gen [Rtk]

02:36:08.297    AVAST engine scan C:\Windows\system32

02:38:31.074    AVAST engine scan C:\Windows\system32\drivers

02:38:43.506    AVAST engine scan C:\Users\Schaka

02:45:48.640    AVAST engine scan C:\ProgramData

02:46:34.883    Scan finished successfully

08:44:46.219    Disk 0 MBR has been saved successfully to "C:\Users\Schaka\Desktop\MBR.dat"

08:44:46.232    The log file has been saved successfully to "C:\Users\Schaka\Desktop\aswMBR.txt"

Zitat:

File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]

Ist ein Fehlalarm PEV.exe kommt von CF

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.08.02
 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Schaka :: SCHAKA-PC [Administrator]
 

Schutz: Aktiviert
 

10.01.2012 18:00:56

mbam-log-2012-01-10 (18-00-56).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 316727

Laufzeit: 1 Stunde(n), 14 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 01/10/2012 at 10:13 PM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8118

Trace Rules Database Version: 5930
 

Scan type       : Complete Scan

Total Scan Time : 00:46:44
 

Operating System Information

Windows 7 Ultimate 32-bit (Build 6.01.7600)

UAC On - Administrator
 

Memory items scanned      : 639

Memory threats detected   : 0

Registry items scanned    : 36890

Registry threats detected : 0

File items scanned        : 49895

File threats detected     : 116
 

Adware.Tracking Cookie

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@ad4.adfarm1.adition[1].txt [ /ad4.adfarm1.adition ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@adform[2].txt [ /adform ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@ads.creative-serving[2].txt [ /ads.creative-serving ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@adxpose[1].txt [ /adxpose ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@at.atwola[1].txt [ /at.atwola ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@content.yieldmanager[1].txt [ /content.yieldmanager ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@content.yieldmanager[3].txt [ /content.yieldmanager ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@imrworldwide[2].txt [ /imrworldwide ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@invitemedia[2].txt [ /invitemedia ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@media6degrees[2].txt [ /media6degrees ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@sevenoneintermedia.112.2o7[1].txt [ /sevenoneintermedia.112.2o7 ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@tacoda[1].txt [ /tacoda ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@track.adform[1].txt [ /track.adform ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@tracking.hannoversche[1].txt [ /tracking.hannoversche ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@tracking.quisma[2].txt [ /tracking.quisma ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\schaka@xm.xtendmedia[2].txt [ /xm.xtendmedia ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\MW071CC3.txt [ /ad.yieldmanager.com ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\MUB4YLDU.txt [ /adfarm1.adition.com ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\X303RQIU.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\Schaka\AppData\Roaming\Microsoft\Windows\Cookies\MBEMF6SU.txt [ /specificclick.net ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCLVHT1O.txt [ Cookie:schaka@2o7.net/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\45YMD9ZD.txt [ Cookie:schaka@imrworldwide.com/cgi-bin ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RQ3OS25Y.txt [ Cookie:schaka@adfarm1.adition.com/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NNZ3E2U.txt [ Cookie:schaka@urbia.wwe-media.de/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2BLZ7WY.txt [ Cookie:schaka@ad.zanox.com/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D6Z5L6M2.txt [ Cookie:schaka@amazon-adsystem.com/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RX5X3G5H.txt [ Cookie:schaka@de.sitestat.com/is24/is24/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DT9HNCCB.txt [ Cookie:schaka@invitemedia.com/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\schaka@ww251.smartadserver[2].txt [ Cookie:schaka@ww251.smartadserver.com/ ]

        C:\USERS\SCHAKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U0I3H3QH.txt [ Cookie:schaka@zanox.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@imrworldwide[2].txt [ Cookie:schaka@imrworldwide.com/cgi-bin ]

        C:\USERS\SCHAKA\Cookies\MUB4YLDU.txt [ Cookie:schaka@adfarm1.adition.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@content.yieldmanager[3].txt [ Cookie:schaka@content.yieldmanager.com/ak/ ]

        C:\USERS\SCHAKA\Cookies\schaka@sevenoneintermedia.112.2o7[1].txt [ Cookie:schaka@sevenoneintermedia.112.2o7.net/ ]

        C:\USERS\SCHAKA\Cookies\schaka@tracking.quisma[2].txt [ Cookie:schaka@tracking.quisma.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@tracking.hannoversche[1].txt [ Cookie:schaka@tracking.hannoversche.de/ ]

        C:\USERS\SCHAKA\Cookies\schaka@adxpose[1].txt [ Cookie:schaka@adxpose.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@tacoda[1].txt [ Cookie:schaka@tacoda.net/ ]

        C:\USERS\SCHAKA\Cookies\schaka@invitemedia[2].txt [ Cookie:schaka@invitemedia.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@xm.xtendmedia[2].txt [ Cookie:schaka@xm.xtendmedia.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@ad4.adfarm1.adition[1].txt [ Cookie:schaka@ad4.adfarm1.adition.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@content.yieldmanager[1].txt [ Cookie:schaka@content.yieldmanager.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@at.atwola[1].txt [ Cookie:schaka@at.atwola.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@ad3.adfarm1.adition[1].txt [ Cookie:schaka@ad3.adfarm1.adition.com/ ]

        C:\USERS\SCHAKA\Cookies\schaka@media6degrees[2].txt [ Cookie:schaka@media6degrees.com/ ]

        a.media.abcfamily.go.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        a.media.community.abcfamily.go.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        ad.de.doubleclick.net [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        astatic.weborama.fr [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        broadcast.piximedia.fr [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        cdn1.eyewonder.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        ds.serving-sys.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        googleads.g.doubleclick.net [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        interclick.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        m.de.2mdn.net [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        media.jambocast.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        media.moblyng.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        media.mtvnservices.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        media.scanscout.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        pornoprinzen.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        pornotube.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        spe.atdmt.com [ D:\RAMONA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MDNCYEZR ]

        D:\RAMONA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\RAMONA@AD.71I[1].TXT [ /AD.71I ]

        .adfarm1.adition.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        rotator.adjuggler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        rotator.adjuggler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        adsrv.admediate.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        adsrv.admediate.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tto2.traffictrack.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        cdn5.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        cdn5.specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .de.at.atwola.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        ad.adition.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        ad.adition.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .meet-teens.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .msnportal.112.2o7.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .cgm.adbureau.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .cgm.adbureau.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .adbureau.net [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .tracking.mindshare.de [ D:\RAMONA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NNQIYT70.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .ad.adnet.de [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        eas.apm.emediate.eu [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        eas.apm.emediate.eu [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .eaeacom.112.2o7.net [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adfarm1.adition.com [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad2.adfarm1.adition.com [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .adfarm1.adition.com [ C:\USERS\SCHAKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bbfd7d58a35769479cc052ebf4b26a20

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-02 10:36:24

# local_time=2012-01-02 11:36:24 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1538 16774142 20 3 13236915 154091221 0 0

# compatibility_mode=5893 16776573 100 94 3773 77169322 0 0

# compatibility_mode=8192 67108863 100 0 4544 4544 0 0

# scanned=163874

# found=3

# cleaned=0

# scan_time=5673

C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir        a variant of Win32/Kryptik.YHX trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\Downloads\RegistryReviverSetup.exe        a variant of Win32/RegistryReviver application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bbfd7d58a35769479cc052ebf4b26a20

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-10 11:20:15

# local_time=2012-01-11 12:20:15 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=5893 16776573 100 94 36128 77862664 0 0

# compatibility_mode=8192 67108863 100 0 697886 697886 0 0

# scanned=161624

# found=5

# cleaned=0

# scan_time=6247

C:\$RECYCLE.BIN\S-1-5-21-1172789165-356147891-2993760755-1000\$RBZ1J09.exe        probably a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

C:\Qoobox\Quarantine\C\Users\Schaka\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe.vir        a variant of Win32/Kryptik.YNE trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45YJ47B6\youtubedownloaderToolbar[1].msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\Downloads\RegistryReviverSetup.exe        a variant of Win32/RegistryReviver application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Entfernen wir den letzen Müll. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Code:

:Files

C:\$RECYCLE.BIN\S-1-5-21-1172789165-356147891-2993760755-1000

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

C:\Users\Schaka\Downloads\RegistryReviverSetup.exe

C:\Users\Schaka\Downloads\SoftonicDownloader*

:Commands

[emptytemp]

[resethosts]

Code:

All processes killed

========== FILES ==========

C:\$RECYCLE.BIN\S-1-5-21-1172789165-356147891-2993760755-1000 folder moved successfully.

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDHJG8EF folder moved successfully.

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCI3VN2Y folder moved successfully.

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U4O9UEO folder moved successfully.

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45YJ47B6 folder moved successfully.

C:\Users\Schaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 folder moved successfully.

C:\Users\Schaka\Downloads\RegistryReviverSetup.exe moved successfully.

C:\Users\Schaka\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Schaka

->Temp folder emptied: 56134608 bytes

->Temporary Internet Files folder emptied: 328057 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 168107145 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 2232 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 796044 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 215,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_121614
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Gut. Rechner wieder soweit im Lot?

Ja, alles wieder perfekt! Vielen tausend Dank! Echt super was ihr hier macht!
Hast du noch einen Tipp für mich für ein gutes Antivirenprogramm? Hatte bis jetzt PandaCloud.

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.