Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Insecure state after running OTL against the "50 € virus" (https://www.trojaner-board.de/109452-unsicherer-zustand-otl-anwendung-50-virus.html)

ch0ka 09.02.2012 13:23

Insecure state after running OTL against the "50 € virus"
 
Hello dear members of the Trojaner-Board!

Like many people recently, a few minutes ago I too was hit by the well-known "50 € virus", which rendered my system unusable after startup.

Hectic and somewhat at a loss, I looked for help here and used OTL to get the situation under control.
In my haste, however, I did not notice that the OTL command parameters are written specifically and individually for each user, and I used one of the ready-made commands.
After I let OTL do its work with that (from a different account) and restarted my system, the problem now seems to be fixed.
Since I am not sure what state my system is in now, a few logs (OTL, HijackThis) are attached. If desired, other logs can be supplied later.

Kind regards
Dennis

cosinus 09.02.2012 16:46

Please do NOT post any more HijackThis logs!

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • You will find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

ch0ka 10.02.2012 12:46

MBAM: (There are no older scans)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dennis :: DENNIS-PC [Administrator]

10.02.2012 09:15:44
mbam-log-2012-02-10 (09-15-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 558292
Laufzeit: 1 Stunde(n), 38 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ad4fc2456799d4bb809c2f9f21158a0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 11:43:48
# local_time=2012-02-10 12:43:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 88340 65409665 79943 0
# compatibility_mode=5893 16776573 100 94 14444 80502694 0 0
# compatibility_mode=8192 67108863 100 0 3691 3691 0 0
# scanned=21459
# found=0
# cleaned=0
# scan_time=1384


cosinus 10.02.2012 14:25

Please make a new OTL log. Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

If you do not have it yet, please download OTL from OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ch0ka 10.02.2012 14:48

OTL

OTL log file:
Code:

OTL logfile created on: 10.02.2012 14:33:31 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,65% Memory free
7,99 Gb Paging File | 6,19 Gb Available in Paging File | 77,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 16,91 Gb Free Space | 28,86% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 16,71 Gb Free Space | 17,11% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 28,21 Gb Free Space | 28,89% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 0,12 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
Drive H: | 101,10 Gb Total Space | 25,63 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.09 12:58:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWTray.exe
PRC - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.20 04:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- H:\PowerDVD\PowerDVD11\PDVD11Serv.exe
PRC - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.26 17:16:22 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2011.09.26 17:16:16 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- E:\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.25 13:18:19 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.29 13:57:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 13:57:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.08 12:06:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011.01.11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010.12.25 20:11:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.12.25 16:16:09 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.16 16:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.08.22 22:18:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- E:\AdAware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011.04.20 04:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 10:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/09 09:44:33] [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.01.11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- E:\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\DivXWebPlayer\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: E:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.25 16:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M]
 
[2010.12.24 19:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.01.26 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions
[2011.03.16 23:36:45 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011.12.24 15:56:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.26 09:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.10.21 13:02:03 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] E:\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RemoteControl11] H:\PowerDVD\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32EBF9C2-18F3-4502-8B1D-5DC6412F6EDE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A2E9BA4-4171-4983-B472-E525B029C54D}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435C03AB-BF0C-4DFB-9C9D-C282B4ED729A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C19A40CF-B54E-41CD-808E-C2E68611E58C}: DhcpNameServer = 10.44.37.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - E:\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.09 13:43:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.02.09 13:41:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.02.09 09:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012.02.08 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2012.02.08 16:35:29 | 000,015,672 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys
[2012.02.07 15:32:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaShow
[2012.02.07 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\CyberLink
[2012.02.07 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012.02.07 15:27:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaServer
[2012.02.07 15:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012.02.07 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CyberLink
[2012.02.07 15:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.02.07 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2012.02.07 15:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012.02.02 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Data
[2012.01.30 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.01.29 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira
[2012.01.29 11:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
[2012.01.29 11:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012.01.26 13:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FullTiltPoker
[2012.01.26 13:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMI PHARMINDEX
[2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
[2012.01.19 19:14:13 | 000,000,000 | ---D | C] -- C:\med7net
[2012.01.16 15:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2012.01.16 15:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyboardTest
[2012.01.12 11:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.08.13 21:33:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dennis\AppData\Roaming\pcouffin.sys
[2010.10.25 13:11:10 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 14:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 09:22:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 09:13:23 | 001,501,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.10 09:13:23 | 000,653,986 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.10 09:13:23 | 000,615,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.10 09:13:23 | 000,131,652 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.10 09:13:23 | 000,107,642 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.10 09:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 09:07:17 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.09 14:20:59 | 000,299,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.08 16:36:05 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr
[2012.02.07 16:42:24 | 000,006,144 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.07 12:22:36 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.02.07 12:22:36 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.01.30 09:33:30 | 000,001,494 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.15 16:25:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
 
========== Files Created - No Company Name ==========
 
[2012.02.08 16:35:58 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr
[2011.12.20 20:50:18 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat
[2011.09.04 16:36:28 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.09.04 16:36:28 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.22 21:05:21 | 000,000,008 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe
[2011.08.13 21:33:20 | 000,099,384 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\inst.exe
[2011.08.13 21:33:20 | 000,007,859 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.cat
[2011.08.13 21:33:20 | 000,001,167 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.inf
[2011.06.06 19:43:06 | 000,000,343 | ---- | C] () -- C:\Windows\ATB_Prec.Ini
[2011.04.14 11:27:50 | 000,006,144 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 11:26:09 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.02.23 13:12:57 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2011.02.16 20:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.11 15:07:04 | 000,001,057 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml
[2011.01.29 20:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliardsDemo.INI
[2011.01.14 11:04:40 | 001,528,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.05 14:21:21 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2011.01.03 01:10:37 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.03 01:10:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.01.03 01:10:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.24 23:39:49 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.24 19:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.25 13:11:10 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.10.25 13:11:10 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.10.25 13:11:10 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.25 13:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.07.14 15:22:22 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005.07.14 15:22:21 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
 
========== LOP Check ==========
 
[2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari
[2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC
[2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software
[2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
[2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize
[2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client
[2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject
[2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3
[2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca
[2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX
[2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP
[2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt
[2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso
[2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net
[2011.05.26 21:21:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.01 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AccurateRip
[2011.10.19 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari
[2010.12.24 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ATI
[2012.01.29 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira
[2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2012.02.07 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite
[2012.02.04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC
[2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software
[2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
[2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize
[2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2010.12.24 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2010.12.24 18:48:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2011.08.22 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2012.01.19 19:13:50 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2010.12.24 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2012.01.29 11:24:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
[2011.12.03 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nero
[2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2011.01.03 01:34:23 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM
[2012.01.12 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Skype
[2012.01.12 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM
[2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client
[2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject
[2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3
[2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca
[2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX
[2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP
[2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt
[2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2011.08.14 13:13:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso
[2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net
[2011.01.28 13:27:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Winamp
[2010.12.25 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.08.13 21:33:20 | 000,099,384 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\inst.exe
[2011.08.22 21:05:21 | 000,000,008 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe
[2011.08.22 21:12:43 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.01.30 18:33:15 | 005,185,536 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
[2012.01.30 18:33:15 | 000,028,672 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
[2010.12.27 08:24:04 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.05.19 10:06:56 | 000,374,160 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
[2011.05.16 12:31:42 | 000,070,984 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956

< End of report >

--- --- ---
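The two things a helper reads off a log like the one above by eye are the `%APPDATA%\*.exe` listing (executables in a user-writable profile directory whose publisher field is an empty `()`, or a file far too small to be a program at all) and the `< MD5 for: ... >` groups (does the live copy under SysNative or SysWOW64 hash to the same value as one of the component-store copies under winsxs?). The Python below is an added example, not code from the thread or from OTL itself: it parses OTL's line format and automates both checks. The sample input reuses a few lines from the posted log plus one constructed WINLOGON.EXE group whose live-copy hash was deliberately replaced to force a mismatch; `PE_MIN_SIZE`, `OtlEntry` and the function names are this example's own.

```python
"""Parse OTL file-listing lines and automate two checks an analyst does by eye."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# [date time | size | RHSD flags | M/C] (CompanyName) MD5=... -- path
# "(...)" is absent for directories and is an empty "()" when the file
# carries no CompanyName in its version resource.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[R-][H-][S-][D-]) \| (?P<kind>[MC])\]"
    r"(?: \((?P<vendor>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r" -- (?P<path>.+)$"
)
SECTION = re.compile(r"^<\s*(?P<name>.*?)\s*>$")   # e.g. "< MD5 for: USERINIT.EXE  >"
PE_MIN_SIZE = 64  # an IMAGE_DOS_HEADER alone is 64 bytes; anything smaller is not a PE


@dataclass
class OtlEntry:
    section: str
    timestamp: str
    size: int
    attrs: str              # R/H/S/D flags, '-' where unset
    vendor: Optional[str]   # None for directories, '' when no CompanyName
    md5: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl(text: str) -> List[OtlEntry]:
    """Turn OTL '<section>' headers and file lines into OtlEntry records."""
    entries: List[OtlEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = OTL_LINE.match(line)
        if m:
            entries.append(OtlEntry(
                section, m["ts"], int(m["size"].replace(",", "")), m["attr"],
                m["vendor"], m["md5"].upper() if m["md5"] else None, m["path"]))
    return entries


def suspicious_user_executables(entries: List[OtlEntry]) -> List[Tuple[str, List[str]]]:
    """Flag .exe files under a user's AppData that carry no CompanyName or are
    too small to be a valid PE. Missing version info is a lead, not proof."""
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.endswith(".exe") or "\\appdata\\" not in p:
            continue
        reasons = []
        if not e.vendor:
            reasons.append("no CompanyName in version resource")
        if e.size < PE_MIN_SIZE:
            reasons.append(f"{e.size} bytes, smaller than a DOS header")
        if reasons:
            hits.append((e.path, reasons))
    return hits


def unmatched_system_files(entries: List[OtlEntry]) -> Dict[str, List[str]]:
    """For each '< MD5 for: NAME >' group, require the live copy (System32,
    SysNative, SysWOW64) to hash to one of the component-store copies in
    winsxs. A live file matching no winsxs copy was modified on disk."""
    groups: Dict[str, List[OtlEntry]] = defaultdict(list)
    for e in entries:
        if e.section.upper().startswith("MD5 FOR:") and e.md5:
            groups[e.section.split(":", 1)[1].strip().upper()].append(e)
    findings: Dict[str, List[str]] = {}
    for name, files in groups.items():
        reference = {e.md5 for e in files if "\\winsxs\\" in e.path.lower()}
        live = [e for e in files if "\\winsxs\\" not in e.path.lower()
                and "\\driverstore\\" not in e.path.lower()]
        bad = [e.path for e in live if e.md5 not in reference]
        if bad:
            findings[name] = bad
    return findings


# First two groups are copied from the posted log; the WINLOGON.EXE group is
# constructed: its live-copy hash was replaced with zeros to force a mismatch.
SAMPLE_LOG = r"""
< %APPDATA%\*.exe /s >
[2011.08.13 21:33:20 | 000,099,384 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\inst.exe
[2011.08.22 21:05:21 | 000,000,008 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe
[2011.08.22 21:12:43 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.05.19 10:06:56 | 000,374,160 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe

< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
"""

if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    for path, why in suspicious_user_executables(parsed):
        print(f"[suspicious] {path}: {'; '.join(why)}")
    for name, paths in unmatched_system_files(parsed).items():
        print(f"[modified?]  {name}: {', '.join(paths)}")
```

Both results are leads, not verdicts: plenty of legitimate tools ship without a CompanyName, and a hash that matches winsxs only proves the live file is consistent with the component store, not that the store itself is untouched. An Authenticode signature check on the flagged file is the stronger test.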

cosinus 10.02.2012 16:38

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956
:Files
C:\Users\Dennis\AppData\Roaming\*.exe
C:\Users\Dennis\AppData\Roaming\Babylon
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created for this one user in this one situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

ch0ka 12.02.2012 10:48

Here is the OTL log file after the fix:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
E:\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
ADS C:\ProgramData\Temp:BC359956 deleted successfully.
========== FILES ==========
C:\Users\Dennis\AppData\Roaming\inst.exe moved successfully.
C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe moved successfully.
C:\Users\Dennis\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: cHk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1660502 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis
->Temp folder emptied: 17678844 bytes
->Temporary Internet Files folder emptied: 3921171 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 644459455 bytes
->Flash cache emptied: 4327 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256377 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 637,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_103717

Files\Folders moved on Reboot...
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dennis\AppData\Local\Temp\~PI46E4.tmp moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 12.02.2012 14:43

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection has left you unable to access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

ch0ka 12.02.2012 16:53

Code:

16:53:08.0824 1160        TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
16:53:08.0906 1160        ============================================================
16:53:08.0906 1160        Current date / time: 2012/02/12 16:53:08.0906
16:53:08.0906 1160        SystemInfo:
16:53:08.0907 1160       
16:53:08.0907 1160        OS Version: 6.1.7601 ServicePack: 1.0
16:53:08.0907 1160        Product type: Workstation
16:53:08.0907 1160        ComputerName: DENNIS-PC
16:53:08.0907 1160        UserName: Dennis
16:53:08.0907 1160        Windows directory: C:\Windows
16:53:08.0907 1160        System windows directory: C:\Windows
16:53:08.0907 1160        Running under WOW64
16:53:08.0907 1160        Processor architecture: Intel x64
16:53:08.0907 1160        Number of processors: 2
16:53:08.0907 1160        Page size: 0x1000
16:53:08.0907 1160        Boot type: Normal boot
16:53:08.0907 1160        ============================================================
16:53:10.0110 1160        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:53:10.0115 1160        \Device\Harddisk0\DR0:
16:53:10.0115 1160        MBR used
16:53:10.0115 1160        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
16:53:10.0115 1160        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x7530000
16:53:10.0136 1160        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8F63000, BlocksNum 0xC350000
16:53:10.0155 1160        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x152B3800, BlocksNum 0xC350000
16:53:10.0176 1160        \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21604000, BlocksNum 0xC350000
16:53:10.0194 1160        \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2D954800, BlocksNum 0xCA31000
16:53:10.0425 1160        Initialize success
16:53:10.0425 1160        ============================================================
16:53:14.0221 1972        ============================================================
16:53:14.0221 1972        Scan started
16:53:14.0221 1972        Mode: Manual; SigCheck; TDLFS;
16:53:14.0221 1972        ============================================================
16:53:15.0662 1972        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:53:15.0719 1972        1394ohci - ok
16:53:15.0777 1972        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:53:15.0793 1972        ACPI - ok
16:53:15.0857 1972        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:53:15.0873 1972        AcpiPmi - ok
16:53:16.0054 1972        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:53:16.0072 1972        adp94xx - ok
16:53:16.0132 1972        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:53:16.0147 1972        adpahci - ok
16:53:16.0272 1972        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:53:16.0284 1972        adpu320 - ok
16:53:16.0417 1972        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:53:16.0436 1972        AFD - ok
16:53:16.0549 1972        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:53:16.0560 1972        agp440 - ok
16:53:16.0663 1972        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:53:16.0677 1972        aliide - ok
16:53:16.0816 1972        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:53:16.0825 1972        amdide - ok
16:53:16.0877 1972        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:53:16.0915 1972        amdiox64 - ok
16:53:17.0027 1972        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:53:17.0041 1972        AmdK8 - ok
16:53:17.0313 1972        amdkmdag        (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:17.0481 1972        amdkmdag - ok
16:53:17.0576 1972        amdkmdap        (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:53:17.0616 1972        amdkmdap - ok
16:53:17.0694 1972        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:53:17.0708 1972        AmdPPM - ok
16:53:17.0765 1972        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:53:17.0776 1972        amdsata - ok
16:53:17.0828 1972        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:53:17.0845 1972        amdsbs - ok
16:53:17.0926 1972        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:53:17.0936 1972        amdxata - ok
16:53:18.0054 1972        AODDriver4.01  (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:53:18.0064 1972        AODDriver4.01 - ok
16:53:18.0175 1972        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:53:18.0211 1972        AppID - ok
16:53:18.0326 1972        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:53:18.0337 1972        arc - ok
16:53:18.0384 1972        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:53:18.0395 1972        arcsas - ok
16:53:18.0515 1972        ArcSec          (36661a0497d8ed2d07b82524df932ea3) C:\Windows\system32\drivers\ArcSec.sys
16:53:18.0528 1972        ArcSec - ok
16:53:18.0631 1972        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:18.0674 1972        AsyncMac - ok
16:53:18.0705 1972        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:53:18.0716 1972        atapi - ok
16:53:18.0851 1972        athr            (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
16:53:18.0900 1972        athr - ok
16:53:19.0034 1972        AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
16:53:19.0044 1972        AtiHDAudioService - ok
16:53:19.0098 1972        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:53:19.0106 1972        AtiPcie - ok
16:53:19.0174 1972        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
16:53:19.0183 1972        avgntflt - ok
16:53:19.0219 1972        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
16:53:19.0229 1972        avipbb - ok
16:53:19.0317 1972        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:53:19.0336 1972        b06bdrv - ok
16:53:19.0389 1972        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:53:19.0405 1972        b57nd60a - ok
16:53:19.0511 1972        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:53:19.0549 1972        Beep - ok
16:53:19.0604 1972        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:19.0618 1972        blbdrive - ok
16:53:19.0664 1972        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:53:19.0677 1972        bowser - ok
16:53:19.0753 1972        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:19.0769 1972        BrFiltLo - ok
16:53:19.0921 1972        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:19.0937 1972        BrFiltUp - ok
16:53:20.0099 1972        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:53:20.0116 1972        Brserid - ok
16:53:20.0154 1972        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:20.0170 1972        BrSerWdm - ok
16:53:20.0249 1972        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:20.0268 1972        BrUsbMdm - ok
16:53:20.0280 1972        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:53:20.0294 1972        BrUsbSer - ok
16:53:20.0384 1972        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:20.0401 1972        BTHMODEM - ok
16:53:20.0512 1972        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:20.0551 1972        cdfs - ok
16:53:20.0657 1972        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:53:20.0672 1972        cdrom - ok
16:53:20.0726 1972        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:53:20.0742 1972        circlass - ok
16:53:20.0786 1972        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:53:20.0803 1972        CLFS - ok
16:53:20.0960 1972        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:20.0973 1972        CmBatt - ok
16:53:21.0001 1972        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:53:21.0011 1972        cmdide - ok
16:53:21.0097 1972        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:53:21.0120 1972        CNG - ok
16:53:21.0164 1972        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:21.0173 1972        Compbatt - ok
16:53:21.0209 1972        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:53:21.0234 1972        CompositeBus - ok
16:53:21.0344 1972        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:21.0354 1972        crcdisk - ok
16:53:21.0504 1972        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:53:21.0544 1972        DfsC - ok
16:53:21.0597 1972        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:53:21.0637 1972        discache - ok
16:53:21.0666 1972        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:53:21.0680 1972        Disk - ok
16:53:21.0813 1972        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:53:21.0828 1972        drmkaud - ok
16:53:21.0926 1972        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:21.0951 1972        DXGKrnl - ok
16:53:22.0066 1972        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:53:22.0116 1972        ebdrv - ok
16:53:22.0211 1972        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:53:22.0229 1972        elxstor - ok
16:53:22.0283 1972        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:53:22.0296 1972        ErrDev - ok
16:53:22.0379 1972        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:53:22.0419 1972        exfat - ok
16:53:22.0439 1972        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:53:22.0483 1972        fastfat - ok
16:53:22.0563 1972        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:53:22.0576 1972        fdc - ok
16:53:22.0606 1972        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:53:22.0618 1972        FileInfo - ok
16:53:22.0628 1972        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:53:22.0666 1972        Filetrace - ok
16:53:22.0752 1972        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:22.0768 1972        flpydisk - ok
16:53:22.0825 1972        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:53:22.0839 1972        FltMgr - ok
16:53:22.0876 1972        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:53:22.0886 1972        FsDepends - ok
16:53:22.0897 1972        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:22.0907 1972        Fs_Rec - ok
16:53:22.0965 1972        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:53:22.0981 1972        fvevol - ok
16:53:23.0010 1972        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:23.0021 1972        gagp30kx - ok
16:53:23.0146 1972        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:53:23.0163 1972        hcw85cir - ok
16:53:23.0219 1972        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:53:23.0238 1972        HdAudAddService - ok
16:53:23.0329 1972        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:53:23.0346 1972        HDAudBus - ok
16:53:23.0385 1972        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:23.0400 1972        HidBatt - ok
16:53:23.0419 1972        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:23.0437 1972        HidBth - ok
16:53:23.0458 1972        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:53:23.0476 1972        HidIr - ok
16:53:23.0578 1972        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:53:23.0592 1972        HidUsb - ok
16:53:23.0649 1972        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:53:23.0660 1972        HpSAMD - ok
16:53:23.0754 1972        HTCAND64        (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:53:23.0767 1972        HTCAND64 - ok
16:53:23.0815 1972        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:53:23.0862 1972        HTTP - ok
16:53:23.0891 1972        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:53:23.0901 1972        hwpolicy - ok
16:53:23.0970 1972        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:53:23.0984 1972        i8042prt - ok
16:53:24.0049 1972        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:53:24.0065 1972        iaStorV - ok
16:53:24.0188 1972        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:53:24.0199 1972        iirsp - ok
16:53:24.0295 1972        IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
16:53:24.0345 1972        IntcAzAudAddService - ok
16:53:24.0376 1972        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:53:24.0386 1972        intelide - ok
16:53:24.0472 1972        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:24.0486 1972        intelppm - ok
16:53:24.0541 1972        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:24.0579 1972        IpFilterDriver - ok
16:53:24.0618 1972        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:53:24.0632 1972        IPMIDRV - ok
16:53:24.0673 1972        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:53:24.0716 1972        IPNAT - ok
16:53:24.0776 1972        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:53:24.0796 1972        IRENUM - ok
16:53:24.0841 1972        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:53:24.0851 1972        isapnp - ok
16:53:24.0903 1972        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:53:24.0917 1972        iScsiPrt - ok
16:53:24.0980 1972        k57nd60a        (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:53:24.0994 1972        k57nd60a - ok
16:53:25.0060 1972        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:53:25.0070 1972        kbdclass - ok
16:53:25.0189 1972        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:53:25.0203 1972        kbdhid - ok
16:53:25.0241 1972        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:53:25.0252 1972        KSecDD - ok
16:53:25.0298 1972        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:53:25.0310 1972        KSecPkg - ok
16:53:25.0388 1972        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:53:25.0429 1972        ksthunk - ok
16:53:25.0542 1972        Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) E:\AdAware\KernExplorer64.sys
16:53:25.0551 1972        Lavasoft Kernexplorer - ok
16:53:25.0686 1972        Lbd            (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:53:25.0695 1972        Lbd - ok
16:53:25.0763 1972        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:25.0804 1972        lltdio - ok
16:53:25.0900 1972        LMIInfo        (0317335b15ff3bda8e10197e3434cfc0) E:\LogMeIn\x64\RaInfo.sys
16:53:25.0908 1972        LMIInfo - ok
16:53:26.0012 1972        lmimirr        (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
16:53:26.0021 1972        lmimirr - ok
16:53:26.0085 1972        LMIRfsClientNP - ok
16:53:26.0140 1972        LMIRfsDriver    (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:53:26.0149 1972        LMIRfsDriver - ok
16:53:26.0253 1972        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:26.0265 1972        LSI_FC - ok
16:53:26.0295 1972        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:26.0306 1972        LSI_SAS - ok
16:53:26.0334 1972        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:26.0344 1972        LSI_SAS2 - ok
16:53:26.0369 1972        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:26.0381 1972        LSI_SCSI - ok
16:53:26.0480 1972        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:53:26.0521 1972        luafv - ok
16:53:26.0568 1972        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:53:26.0580 1972        megasas - ok
16:53:26.0601 1972        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:26.0616 1972        MegaSR - ok
16:53:26.0647 1972        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:53:26.0688 1972        Modem - ok
16:53:26.0724 1972        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:53:26.0740 1972        monitor - ok
16:53:26.0786 1972        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:53:26.0796 1972        mouclass - ok
16:53:26.0845 1972        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:53:26.0858 1972        mouhid - ok
16:53:26.0918 1972        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:53:26.0929 1972        mountmgr - ok
16:53:26.0985 1972        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:53:26.0997 1972        mpio - ok
16:53:27.0022 1972        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:53:27.0063 1972        mpsdrv - ok
16:53:27.0128 1972        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:53:27.0148 1972        MRxDAV - ok
16:53:27.0185 1972        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:27.0200 1972        mrxsmb - ok
16:53:27.0236 1972        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:27.0251 1972        mrxsmb10 - ok
16:53:27.0281 1972        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:27.0295 1972        mrxsmb20 - ok
16:53:27.0337 1972        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:53:27.0347 1972        msahci - ok
16:53:27.0384 1972        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:53:27.0396 1972        msdsm - ok
16:53:27.0492 1972        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:53:27.0530 1972        Msfs - ok
16:53:27.0542 1972        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:53:27.0579 1972        mshidkmdf - ok
16:53:27.0608 1972        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:53:27.0618 1972        msisadrv - ok
16:53:27.0722 1972        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:27.0760 1972        MSKSSRV - ok
16:53:27.0793 1972        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:27.0830 1972        MSPCLOCK - ok
16:53:27.0884 1972        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:53:27.0923 1972        MSPQM - ok
16:53:27.0978 1972        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:53:27.0993 1972        MsRPC - ok
16:53:28.0029 1972        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:53:28.0041 1972        mssmbios - ok
16:53:28.0129 1972        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:53:28.0166 1972        MSTEE - ok
16:53:28.0180 1972        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:28.0194 1972        MTConfig - ok
16:53:28.0224 1972        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:53:28.0234 1972        Mup - ok
16:53:28.0296 1972        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:28.0317 1972        NativeWifiP - ok
16:53:28.0398 1972        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:53:28.0423 1972        NDIS - ok
16:53:28.0464 1972        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:28.0502 1972        NdisCap - ok
16:53:28.0587 1972        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:28.0626 1972        NdisTapi - ok
16:53:28.0666 1972        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:28.0702 1972        Ndisuio - ok
16:53:28.0735 1972        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:28.0773 1972        NdisWan - ok
16:53:28.0825 1972        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:53:28.0862 1972        NDProxy - ok
16:53:28.0965 1972        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:53:29.0003 1972        NetBIOS - ok
16:53:29.0042 1972        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:53:29.0082 1972        NetBT - ok
16:53:29.0190 1972        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:29.0200 1972        nfrd960 - ok
16:53:29.0238 1972        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:53:29.0279 1972        Npfs - ok
16:53:29.0447 1972        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:53:29.0487 1972        nsiproxy - ok
16:53:29.0579 1972        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:53:29.0616 1972        Ntfs - ok
16:53:29.0835 1972        ntk_PowerDVD12  (eaac965642ef5f818aed508cadf83e4b) E:\PowerDVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
16:53:29.0844 1972        ntk_PowerDVD12 - ok
16:53:29.0931 1972        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:53:29.0969 1972        Null - ok
16:53:30.0009 1972        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:53:30.0021 1972        nvraid - ok
16:53:30.0062 1972        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:53:30.0076 1972        nvstor - ok
16:53:30.0119 1972        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:53:30.0131 1972        nv_agp - ok
16:53:30.0167 1972        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:53:30.0182 1972        ohci1394 - ok
16:53:30.0476 1972        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:53:30.0490 1972        Parport - ok
16:53:30.0524 1972        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:53:30.0534 1972        partmgr - ok
16:53:30.0575 1972        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:53:30.0588 1972        pci - ok
16:53:30.0612 1972        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:53:30.0622 1972        pciide - ok
16:53:30.0659 1972        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:30.0673 1972        pcmcia - ok
16:53:30.0701 1972        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:53:30.0711 1972        pcw - ok
16:53:30.0729 1972        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:53:30.0776 1972        PEAUTH - ok
16:53:30.0872 1972        Point64        (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
16:53:30.0881 1972        Point64 - ok
16:53:30.0985 1972        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:31.0023 1972        PptpMiniport - ok
16:53:31.0050 1972        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:53:31.0064 1972        Processor - ok
16:53:31.0179 1972        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:53:31.0217 1972        Psched - ok
16:53:31.0248 1972        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:53:31.0257 1972        PxHlpa64 - ok
16:53:31.0319 1972        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:53:31.0353 1972        ql2300 - ok
16:53:31.0375 1972        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:31.0387 1972        ql40xx - ok
16:53:31.0416 1972        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:53:31.0434 1972        QWAVEdrv - ok
16:53:31.0463 1972        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:31.0501 1972        RasAcd - ok
16:53:31.0613 1972        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:31.0652 1972        RasAgileVpn - ok
16:53:31.0787 1972        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:31.0825 1972        Rasl2tp - ok
16:53:31.0859 1972        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:31.0900 1972        RasPppoe - ok
16:53:31.0912 1972        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:31.0952 1972        RasSstp - ok
16:53:31.0996 1972        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:32.0037 1972        rdbss - ok
16:53:32.0065 1972        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:32.0081 1972        rdpbus - ok
16:53:32.0106 1972        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:32.0144 1972        RDPCDD - ok
16:53:32.0228 1972        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:53:32.0266 1972        RDPENCDD - ok
16:53:32.0291 1972        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:53:32.0331 1972        RDPREFMP - ok
16:53:32.0367 1972        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:53:32.0407 1972        RDPWD - ok
16:53:32.0504 1972        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:53:32.0517 1972        rdyboost - ok
16:53:32.0590 1972        regi            (84c83c7577407c4ff6ab1379ee944610) C:\Windows\system32\drivers\regi.sys
16:53:32.0600 1972        regi - ok
16:53:32.0727 1972        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:32.0767 1972        rspndr - ok
16:53:32.0866 1972        RSUSBSTOR      (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
16:53:32.0886 1972        RSUSBSTOR - ok
16:53:32.0923 1972        RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
16:53:32.0934 1972        RTHDMIAzAudService - ok
16:53:33.0011 1972        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:53:33.0023 1972        sbp2port - ok
16:53:33.0099 1972        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:53:33.0137 1972        scfilter - ok
16:53:33.0200 1972        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:53:33.0241 1972        secdrv - ok
16:53:33.0304 1972        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:53:33.0316 1972        Serenum - ok
16:53:33.0352 1972        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:53:33.0366 1972        Serial - ok
16:53:33.0456 1972        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:53:33.0469 1972        sermouse - ok
16:53:33.0518 1972        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:53:33.0531 1972        sffdisk - ok
16:53:33.0552 1972        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:33.0566 1972        sffp_mmc - ok
16:53:33.0611 1972        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:53:33.0626 1972        sffp_sd - ok
16:53:33.0651 1972        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:33.0665 1972        sfloppy - ok
16:53:33.0792 1972        Sftfs          (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
16:53:33.0813 1972        Sftfs - ok
16:53:33.0865 1972        Sftplay        (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:53:33.0877 1972        Sftplay - ok
16:53:33.0906 1972        Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:53:33.0914 1972        Sftredir - ok
16:53:34.0018 1972        Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
16:53:34.0026 1972        Sftvol - ok
16:53:34.0141 1972        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:34.0152 1972        SiSRaid2 - ok
16:53:34.0194 1972        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:34.0206 1972        SiSRaid4 - ok
16:53:34.0256 1972        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:53:34.0307 1972        Smb - ok
16:53:34.0411 1972        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:53:34.0421 1972        spldr - ok
16:53:34.0496 1972        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:53:34.0497 1972        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:53:34.0519 1972        sptd ( LockedFile.Multi.Generic ) - warning
16:53:34.0519 1972        sptd - detected LockedFile.Multi.Generic (1)
16:53:34.0565 1972        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:53:34.0597 1972        srv - ok
16:53:34.0672 1972        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:53:34.0692 1972        srv2 - ok
16:53:34.0732 1972        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:34.0748 1972        srvnet - ok
16:53:34.0895 1972        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:53:34.0905 1972        stexstor - ok
16:53:34.0953 1972        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:53:34.0963 1972        swenum - ok
16:53:35.0152 1972        SynTP          (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
16:53:35.0166 1972        SynTP - ok
16:53:35.0253 1972        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:53:35.0298 1972        Tcpip - ok
16:53:35.0375 1972        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:35.0417 1972        TCPIP6 - ok
16:53:35.0498 1972        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:53:35.0536 1972        tcpipreg - ok
16:53:35.0592 1972        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:53:35.0629 1972        TDPIPE - ok
16:53:35.0648 1972        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:53:35.0687 1972        TDTCP - ok
16:53:35.0750 1972        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:53:35.0791 1972        tdx - ok
16:53:35.0826 1972        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:53:35.0836 1972        TermDD - ok
16:53:35.0949 1972        truecrypt      (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
16:53:35.0962 1972        truecrypt - ok
16:53:36.0007 1972        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:36.0044 1972        tssecsrv - ok
16:53:36.0076 1972        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:53:36.0089 1972        TsUsbFlt - ok
16:53:36.0190 1972        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:36.0228 1972        tunnel - ok
16:53:36.0263 1972        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:53:36.0273 1972        uagp35 - ok
16:53:36.0322 1972        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:53:36.0361 1972        udfs - ok
16:53:36.0457 1972        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:53:36.0467 1972        uliagpkx - ok
16:53:36.0508 1972        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:53:36.0521 1972        umbus - ok
16:53:36.0560 1972        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:53:36.0573 1972        UmPass - ok
16:53:36.0610 1972        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:36.0624 1972        usbccgp - ok
16:53:36.0689 1972        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:53:36.0706 1972        usbcir - ok
16:53:36.0741 1972        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:36.0754 1972        usbehci - ok
16:53:36.0864 1972        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:36.0881 1972        usbhub - ok
16:53:36.0927 1972        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:53:36.0940 1972        usbohci - ok
16:53:37.0039 1972        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:37.0055 1972        usbprint - ok
16:53:37.0091 1972        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:53:37.0104 1972        USBSTOR - ok
16:53:37.0123 1972        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:53:37.0136 1972        usbuhci - ok
16:53:37.0231 1972        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:53:37.0249 1972        usbvideo - ok
16:53:37.0300 1972        usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:53:37.0316 1972        usb_rndisx - ok
16:53:37.0441 1972        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:53:37.0452 1972        vdrvroot - ok
16:53:37.0528 1972        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:37.0545 1972        vga - ok
16:53:37.0565 1972        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:53:37.0607 1972        VgaSave - ok
16:53:37.0663 1972        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:53:37.0677 1972        vhdmp - ok
16:53:37.0707 1972        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:53:37.0717 1972        viaide - ok
16:53:37.0785 1972        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:53:37.0796 1972        volmgr - ok
16:53:37.0859 1972        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:53:37.0875 1972        volmgrx - ok
16:53:37.0966 1972        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:53:37.0980 1972        volsnap - ok
16:53:38.0026 1972        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:53:38.0038 1972        vsmraid - ok
16:53:38.0059 1972        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:53:38.0075 1972        vwifibus - ok
16:53:38.0156 1972        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:53:38.0174 1972        vwififlt - ok
16:53:38.0269 1972        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:53:38.0286 1972        vwifimp - ok
16:53:38.0328 1972        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:53:38.0341 1972        WacomPen - ok
16:53:38.0435 1972        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:38.0472 1972        WANARP - ok
16:53:38.0491 1972        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:38.0529 1972        Wanarpv6 - ok
16:53:38.0601 1972        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:53:38.0612 1972        Wd - ok
16:53:38.0645 1972        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:53:38.0668 1972        Wdf01000 - ok
16:53:38.0796 1972        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:53:38.0836 1972        WfpLwf - ok
16:53:38.0858 1972        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:53:38.0868 1972        WIMMount - ok
16:53:39.0013 1972        WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
16:53:39.0030 1972        WinUSB - ok
16:53:39.0087 1972        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:53:39.0102 1972        WmiAcpi - ok
16:53:39.0160 1972        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:53:39.0200 1972        ws2ifsl - ok
16:53:39.0297 1972        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:53:39.0335 1972        WudfPf - ok
16:53:39.0386 1972        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:39.0429 1972        WUDFRd - ok
16:53:39.0615 1972        {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) E:\PowerDVD 12\PowerDVD12\Common\NavFilter\000.fcl
16:53:39.0626 1972        {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
16:53:39.0688 1972        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:53:39.0912 1972        \Device\Harddisk0\DR0 - ok
16:53:39.0919 1972        Boot (0x1200)  (4e3aef28cafcf33c4d429cfcec665d08) \Device\Harddisk0\DR0\Partition0
16:53:39.0920 1972        \Device\Harddisk0\DR0\Partition0 - ok
16:53:39.0936 1972        Boot (0x1200)  (f25242f33a915291ecdacca4a033b879) \Device\Harddisk0\DR0\Partition1
16:53:39.0939 1972        \Device\Harddisk0\DR0\Partition1 - ok
16:53:39.0980 1972        Boot (0x1200)  (d09cd79c54ec9eab0ae37d102cd56401) \Device\Harddisk0\DR0\Partition2
16:53:39.0982 1972        \Device\Harddisk0\DR0\Partition2 - ok
16:53:40.0000 1972        Boot (0x1200)  (f11e41c889f093fad6929d60c432bb0d) \Device\Harddisk0\DR0\Partition3
16:53:40.0002 1972        \Device\Harddisk0\DR0\Partition3 - ok
16:53:40.0021 1972        Boot (0x1200)  (9d4d2898fbe398f697f4e6bc6e83608a) \Device\Harddisk0\DR0\Partition4
16:53:40.0023 1972        \Device\Harddisk0\DR0\Partition4 - ok
16:53:40.0042 1972        Boot (0x1200)  (0d82256b5134d65ab8b52e3271cb2972) \Device\Harddisk0\DR0\Partition5
16:53:40.0044 1972        \Device\Harddisk0\DR0\Partition5 - ok
16:53:40.0044 1972        ============================================================
16:53:40.0044 1972        Scan finished
16:53:40.0045 1972        ============================================================
16:53:40.0063 4900        Detected object count: 1
16:53:40.0063 4900        Actual detected object count: 1
16:53:42.0802 4900        sptd ( LockedFile.Multi.Generic ) - skipped by user
16:53:42.0802 4900        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Incidentally, my RAM usage has recently been sitting at a constant 95%?! ... very strange!

cosinus 12.02.2012 18:04

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ch0ka 12.02.2012 20:18

I was already quite desperate after ComboFix when the error message you mentioned appeared :crazy:

But here is the log now (which, by the way, was not at "C:\ComboFix.txt" but at "C:\ComboFix/ComboFix.txt" :confused:

Code:

ComboFix 12-02-12.01 - Dennis 12.02.2012  19:14:51.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2616 [GMT 1:00]
ausgeführt von:: C:\Users\Dennis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml


(((((((((((((((((((((((  Dateien erstellt von 2012-01-12 bis 2012-02-12  ))))))))))))))))))))))))))))))


2012-02-12 18:24:58 . 2012-02-12 18:24:58        --------        d-----w-        C:\Users\Default\AppData\Local\temp
2012-02-12 18:24:58 . 2012-02-12 18:24:58        --------        d-----w-        C:\Users\cHk\AppData\Local\temp
2012-02-12 17:13:14 . 2011-05-20 12:49:22        34624        ----a-w-        C:\Windows\system32\TURegOpt.exe
2012-02-12 17:13:06 . 2011-05-20 12:43:32        25920        ----a-w-        C:\Windows\system32\authuitu.dll
2012-02-12 17:13:06 . 2011-05-20 12:43:26        36160        ----a-w-        C:\Windows\system32\uxtuneup.dll
2012-02-12 17:13:06 . 2011-05-20 12:43:18        29504        ----a-w-        C:\Windows\SysWow64\uxtuneup.dll
2012-02-12 17:13:02 . 2011-05-20 12:43:30        21312        ----a-w-        C:\Windows\SysWow64\authuitu.dll
2012-02-12 15:47:29 . 2012-02-12 15:47:29        --------        d-----w-        C:\Users\Dennis\AppData\Roaming\ArcSoft
2012-02-12 15:46:57 . 2012-02-12 15:46:58        --------        d-----w-        C:\Users\Dennis\AppData\Local\ArcSoft
2012-02-12 15:46:56 . 2012-02-12 15:46:58        --------        d-----w-        C:\ProgramData\ArcSoft
2012-02-12 15:46:56 . 2012-02-12 15:46:56        --------        d-----w-        C:\Program Files (x86)\Common Files\ArcSoft
2012-02-12 15:46:52 . 2011-11-10 10:14:14        311872        ----a-w-        C:\Windows\system32\drivers\ArcSec.sys
2012-02-12 15:46:52 . 2010-12-30 16:29:20        80448        ----a-w-        C:\Windows\system32\MMCEDT5.exe
2012-02-12 15:44:20 . 2012-02-12 15:44:20        --------        d-----w-        C:\Users\Dennis\AppData\Local\Downloaded Installations
2012-02-12 15:22:11 . 2012-02-12 15:22:11        --------        d-----w-        C:\Users\Dennis\AppData\Local\AMD
2012-02-12 15:21:28 . 2012-02-12 15:21:28        --------        d-----w-        C:\ProgramData\ATI
2012-02-12 15:13:42 . 2012-02-12 15:13:42        --------        d-----w-        C:\Program Files (x86)\AMD APP
2012-02-12 15:12:35 . 2012-02-12 15:12:35        --------        d-----w-        C:\ProgramData\AMD
2012-02-12 15:12:33 . 2010-02-18 08:18:24        46136        ----a-w-        C:\Windows\system32\drivers\amdiox64.sys
2012-02-12 09:40:45 . 2012-02-12 09:40:45        --------        d-----w-        C:\Windows\system32\%LOCALAPPDATA%
2012-02-10 11:19:13 . 2012-02-10 11:19:13        --------        d-----w-        C:\Program Files (x86)\ESET
2012-02-10 08:20:00 . 2012-01-06 05:15:20        8602168        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73B97690-9A8A-484B-9F5A-D364843EC570}\mpengine.dll
2012-02-09 12:43:16 . 2012-02-09 12:43:16        --------        d-----w-        C:\Windows\system32\SPReview
2012-02-09 12:41:57 . 2012-02-09 12:41:58        --------        d-----w-        C:\Windows\system32\EventProviders
2012-02-09 11:55:02 . 2012-02-09 11:55:02        --------        d-----w-        C:\Users\cHk\AppData\Local\LogMeIn
2012-02-08 15:37:38 . 2012-02-08 15:39:35        --------        d-----w-        C:\ProgramData\Protexis
2012-02-08 15:35:29 . 2010-11-16 15:24:16        15672        ----a-w-        C:\Windows\system32\drivers\regi.sys
2012-02-07 14:32:20 . 2012-02-07 14:32:20        --------        d-----w-        C:\Users\Dennis\AppData\Local\MediaShow
2012-02-07 14:27:02 . 2012-02-07 14:27:02        --------        d-----w-        C:\Users\Dennis\AppData\Local\MediaServer
2012-02-07 14:26:59 . 2012-02-08 15:05:39        --------        d-----w-        C:\ProgramData\PDVD
2012-02-07 14:26:44 . 2012-02-12 16:25:31        --------        d-----w-        C:\Users\Public\CyberLink
2012-02-07 14:26:44 . 2012-02-12 16:25:31        --------        d-----w-        C:\Users\Dennis\AppData\Local\CyberLink
2012-02-07 14:13:13 . 2012-02-12 16:26:53        --------        d-----w-        C:\ProgramData\CyberLink
2012-02-07 14:13:12 . 2012-02-07 14:31:56        --------        d-----w-        C:\Users\Dennis\AppData\Roaming\CyberLink
2012-02-07 14:07:03 . 2012-02-07 14:23:05        --------        d-----w-        C:\ProgramData\install_clap
2012-01-30 17:33:15 . 2012-01-30 17:33:15        5185536        ----a-r-        C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2012-01-30 17:33:15 . 2012-01-30 17:33:15        28672        ----a-r-        C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2012-01-29 18:25:25 . 2012-01-29 18:25:25        --------        d-----w-        C:\Users\Dennis\AppData\Roaming\Avira
2012-01-29 10:24:18 . 2012-01-29 10:24:18        --------        d-----w-        C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
2012-01-26 12:19:15 . 2012-01-26 12:20:22        --------        d-----w-        C:\Users\Dennis\AppData\Local\FullTiltPoker
2012-01-19 22:47:32 . 2012-01-19 23:10:34        --------        d-----w-        C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
2012-01-19 18:14:13 . 2012-01-19 18:15:13        --------        d-----w-        C:\med7net
2012-01-19 18:13:51 . 2004-12-13 20:16:44        53248        ----a-w-        C:\Windows\SysWow64\foxtools.fll
2012-01-16 14:30:36 . 2012-01-16 14:30:36        --------        d-----w-        C:\ProgramData\PassMark
.


((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-09 12:59:29 . 2009-07-14 02:36:51        175616        ----a-w-        C:\Windows\system32\msclmd.dll
2012-02-09 12:59:29 . 2009-07-14 02:36:51        152576        ----a-w-        C:\Windows\SysWow64\msclmd.dll
2012-01-26 23:52:58 . 2011-02-24 15:18:26        279656        ------w-        C:\Windows\system32\MpSigStub.exe
2012-01-15 15:26:47 . 2011-01-03 00:34:46        280736        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-15 15:26:47 . 2011-01-03 00:10:37        280736        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2012-01-15 15:25:33 . 2011-01-03 00:10:37        215128        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-10 14:24:08 . 2011-08-22 21:18:46        23152        ----a-w-        C:\Windows\system32\drivers\mbam.sys
2011-12-06 03:45:40 . 2011-12-06 03:45:40        10720256        ----a-w-        C:\Windows\system32\drivers\atikmdag.sys
2011-12-06 03:18:38 . 2011-12-06 03:18:38        25371136        ----a-w-        C:\Windows\system32\atio6axx.dll
2011-12-06 03:17:50 . 2011-12-06 03:17:50        159744        ----a-w-        C:\Windows\system32\atiapfxx.exe
2011-12-06 03:17:36 . 2011-12-06 03:17:36        778752        ----a-w-        C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 . 2011-12-06 03:16:00        933888        ----a-w-        C:\Windows\system32\aticfx64.dll
2011-12-06 03:12:52 . 2011-12-06 03:12:52        466944        ----a-w-        C:\Windows\system32\ATIDEMGX.dll
2011-12-06 03:12:36 . 2011-12-06 03:12:36        494080        ----a-w-        C:\Windows\system32\atieclxx.exe
2011-12-06 03:11:56 . 2011-12-06 03:11:56        235520        ----a-w-        C:\Windows\system32\atiesrxx.exe
2011-12-06 03:10:38 . 2011-12-06 03:10:38        120320        ----a-w-        C:\Windows\system32\atitmm64.dll
2011-12-06 03:10:20 . 2011-12-06 03:10:20        423424        ----a-w-        C:\Windows\system32\atipdl64.dll
2011-12-06 03:10:12 . 2011-12-06 03:10:12        360448        ----a-w-        C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 . 2011-12-06 03:10:00        278528        ----a-w-        C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 . 2011-12-06 03:09:56        21504        ----a-w-        C:\Windows\system32\atimuixx.dll
2011-12-06 03:09:50 . 2011-12-06 03:09:50        59392        ----a-w-        C:\Windows\system32\atiedu64.dll
2011-12-06 03:09:44 . 2011-12-06 03:09:44        43520        ----a-w-        C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 . 2011-12-06 03:06:38        6159872        ----a-w-        C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 . 2011-12-06 02:56:40        19125760        ----a-w-        C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 . 2011-12-06 02:51:22        7520768        ----a-w-        C:\Windows\system32\atidxx64.dll
2011-12-06 02:39:58 . 2011-12-06 02:39:58        1113088        ----a-w-        C:\Windows\system32\atiumd6v.dll
2011-12-06 02:39:24 . 2011-12-06 02:39:24        1828864        ----a-w-        C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 . 2011-12-06 02:39:12        4072960        ----a-w-        C:\Windows\system32\atiumd6a.dll
2011-12-06 02:34:28 . 2011-12-06 02:34:28        51200        ----a-w-        C:\Windows\system32\aticalrt64.dll
2011-12-06 02:34:24 . 2011-12-06 02:34:24        46080        ----a-w-        C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 . 2011-12-06 02:34:16        44544        ----a-w-        C:\Windows\system32\aticalcl64.dll
2011-12-06 02:34:14 . 2011-12-06 02:34:14        44032        ----a-w-        C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 . 2011-12-06 02:34:00        13738496        ----a-w-        C:\Windows\system32\aticaldd64.dll
2011-12-06 02:33:36 . 2011-12-06 02:33:36        5919232        ----a-w-        C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 . 2011-12-06 02:29:30        11484672        ----a-w-        C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 . 2011-12-06 02:28:50        4206592        ----a-w-        C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 . 2011-12-06 02:24:02        7511040        ----a-w-        C:\Windows\system32\atiumd64.dll
2011-12-06 02:18:46 . 2011-12-06 02:18:46        58880        ----a-w-        C:\Windows\system32\coinst.dll
2011-12-06 02:13:02 . 2010-09-16 10:55:56        509952        ----a-w-        C:\Windows\system32\atiadlxx.dll
2011-12-06 02:12:52 . 2011-12-06 02:12:52        356352        ----a-w-        C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 . 2011-12-06 02:12:38        17408        ----a-w-        C:\Windows\system32\atig6pxx.dll
2011-12-06 02:12:34 . 2011-12-06 02:12:34        14336        ----a-w-        C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 . 2011-12-06 02:12:34        14336        ----a-w-        C:\Windows\system32\atiglpxx.dll
2011-12-06 02:12:30 . 2011-12-06 02:12:30        39936        ----a-w-        C:\Windows\system32\atig6txx.dll
2011-12-06 02:12:22 . 2011-12-06 02:12:22        33280        ----a-w-        C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 . 2011-12-06 02:12:14        327168        ----a-w-        C:\Windows\system32\drivers\atikmpag.sys
2011-12-06 02:11:24 . 2010-11-26 02:16:04        42496        ----a-w-        C:\Windows\system32\atiuxp64.dll
2011-12-06 02:11:16 . 2011-12-06 02:11:16        33280        ----a-w-        C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 . 2011-12-06 02:11:10        39936        ----a-w-        C:\Windows\system32\atiu9p64.dll
2011-12-06 02:11:02 . 2011-12-06 02:11:02        29696        ----a-w-        C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 . 2011-12-06 02:10:48        54784        ----a-w-        C:\Windows\system32\atimpc64.dll
2011-12-06 02:10:48 . 2011-12-06 02:10:48        54784        ----a-w-        C:\Windows\system32\amdpcom64.dll
2011-12-06 02:10:42 . 2011-12-06 02:10:42        53760        ----a-w-        C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 . 2011-12-06 02:10:42        53760        ----a-w-        C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 . 2011-12-06 02:10:24        53248        ----a-w-        C:\Windows\system32\drivers\ati2erec.dll
2011-12-05 21:04:06 . 2011-12-05 21:04:06        69632        ----a-w-        C:\Windows\system32\OpenVideo64.dll
2011-12-05 21:04:00 . 2011-12-05 21:04:00        59904        ----a-w-        C:\Windows\SysWow64\OpenVideo.dll
2011-12-05 21:03:54 . 2011-12-05 21:03:54        61952        ----a-w-        C:\Windows\system32\OVDecode64.dll
2011-12-05 21:03:52 . 2011-12-05 21:03:52        54784        ----a-w-        C:\Windows\SysWow64\OVDecode.dll
2011-12-05 21:03:42 . 2011-12-05 21:03:42        17580544        ----a-w-        C:\Windows\system32\amdocl64.dll
2011-12-05 21:03:04 . 2011-12-05 21:03:04        14499328        ----a-w-        C:\Windows\SysWow64\amdocl.dll
2011-12-05 21:02:20 . 2011-12-05 21:02:20        51200        ----a-w-        C:\Windows\system32\OpenCL.dll
2011-12-05 21:02:16 . 2011-12-05 21:02:16        44032        ----a-w-        C:\Windows\SysWow64\OpenCL.dll
2011-12-05 19:47:30 . 2011-12-05 19:47:30        95248        ----a-w-        C:\Windows\system32\drivers\AtihdW76.sys
2011-11-24 04:52:09 . 2011-12-14 13:48:44        3145216        ----a-w-        C:\Windows\system32\win32k.sys
2011-11-19 14:58:00 . 2012-01-11 13:51:23        77312        ----a-w-        C:\Windows\system32\packager.dll
2011-11-19 14:01:00 . 2012-01-11 13:51:23        67072        ----a-w-        C:\Windows\SysWow64\packager.dll
2011-11-17 06:41:18 . 2012-01-11 13:51:24        1731920        ----a-w-        C:\Windows\system32\ntdll.dll
2011-11-17 05:38:39 . 2012-01-11 13:51:24        1292080        ----a-w-        C:\Windows\SysWow64\ntdll.dll
2011-11-15 16:58:56 . 2011-11-15 16:58:56        146432        ----a-w-        C:\Windows\system32\SlotMaximizerAg.dll
2011-11-15 16:58:54 . 2011-11-15 16:58:54        3507712        ----a-w-        C:\Windows\system32\SlotMaximizerBe.dll
2011-11-15 16:57:06 . 2011-11-15 16:57:06        2463744        ----a-w-        C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-11-15 16:57:02 . 2011-11-15 16:57:02        122880        ----a-w-        C:\Windows\SysWow64\SlotMaximizerAg.dll
2006-05-03 09:06:54        163328        --sha-r-        C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16        31232        --sha-r-        C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52        216064        --sha-r-        C:\Windows\SysWOW64\nbDX.dll


cosinus 12.02.2012 20:50

Unfortunately the log is incomplete :(

ch0ka 12.02.2012 20:53

Unfortunately there is nothing more to be found in the file...
Should I run ComboFix again from scratch, or would that have negative effects?

cosinus 13.02.2012 10:13

I need ComboFix's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the Quarantine folder in C:\Qoobox into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know once it succeeded
5.) Only then turn the virus scanner back on

ch0ka 13.02.2012 17:54

Uploaded successfully :)


Copyright ©2000-2025, Trojaner-Board