
Pests of all kinds and how to fight them: Trojan in AcroFF*.dll / Bafi.A (MSE) / CI.A (MBAM)


29.12.2011, 03:32   #1
Bexod
 
Hello and good evening,

One keeps trying to solve it on one's own and then ends up back here anyway.
The thread title isn't particularly descriptive right now; I chose it with other people searching in mind. Those are the pieces of information I have been able to identify so far in connection with my case.

Introduction: In the weeks before Christmas I had several Skype crashes, though without any recognisable pattern or serious consequences. IE also crashed now and then, but since it is rarely used I can't say how often.
Then, since Monday, Firefox has also been crashing relatively often, though not seriously. Sometimes nothing for a while, so again no recognisable pattern.
Now, today or yesterday, Microsoft Security Essentials (the antivirus program in charge) reported the detection and removal of trojans identified as Trojan:Win32/Bafi.A, once also .B. A full scan turned up a few more hits of the same trojan, all following the pattern AppData/Roaming/[four-digit number]/components/AcroFF*****.dll.
I then ran Panda ActiveScan 2.0 in FF, but it could not be completed because Firefox crashed (so no log).

Further steps in brief:
- deleted all cookies in FF
- installed the latest FF version
- had CCleaner clean everything
- downloaded Spamfighter and had it remove 10-12 trojans (unfortunately no log)

Then I finally followed the instructions from this forum, installed Malwarebytes' Anti-Malware and let it scan.
As recommended, it cleaned up right away:
Code:
Datenbank Version: v2011.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bianco :: VICKY [Administrator]

Schutz: Aktiviert

28.12.2011 22:21:41
mbam-log-2011-12-28 (22-21-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176323
Laufzeit: 2 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Bianco\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Bianco\AppData\Roaming\AcroIEHelpe068.dll (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Bianco\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)
         
Well, quite a lot came together there after all, I see. Some pretty nasty-sounding things, too...

After the reboot, MSE gave no warnings for the first time, which gave me hope. A further full scan with MBAM was also encouraging:
Code:
Datenbank Version: v2011.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bianco :: VICKY [Administrator]

Schutz: Aktiviert

28.12.2011 23:28:59
mbam-log-2011-12-28 (23-28-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419969
Laufzeit: 1 Stunde(n), 5 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
However, there were still plenty of AcroFF files at the original locations, so I started Panda ActiveScan 2.0 again, which unfortunately reported the following:
Code:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-12-29 02:32:56
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Microsoft Security Essentials                                              Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\bianco\appdata\roaming\microsoft\windows\cookies\vr8x7ae9.txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\users\bianco\appdata\roaming\microsoft\windows\cookies\rmulbb68.txt
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5060\components\acroff0606.dll
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5062\components\acroff0620.dll
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff064.dll
09193703  Exploit/CVE-2010-0840              SecRisk             No        0         Yes            No           c:\users\bianco\appdata\locallow\sun\java\deployment\cache\6.0\62\6f9d807e-37a56584[support/attachment.class]
09193705  Exploit/CVE-2010-0840              SecRisk             No        0         Yes            No           c:\users\bianco\appdata\locallow\sun\java\deployment\cache\6.0\62\6f9d807e-37a56584[support/cid.class]
09612215  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5052\components\acroff0528.dll
09659561  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5052\components\acroff0526.dll
09661052  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5060\components\acroff0605.dll
09666169  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0648.dll
09666286  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0645.dll
09666287  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0646.dll
09666291  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5061\components\acroff0617.dll
09666291  Generic Trojan                     Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5064\components\acroff0647.dll
09678068  Generic Malware                    Virus/Trojan        No        0         Yes            No           c:\users\bianco\appdata\roaming\5060\components\acroff0600.dll
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
         

So it seems I still have several inactive, but no less dangerous, trojans on board that will surely get ready after the next reboot or similar to do whatever it is they do.

In that spirit: help!

PS: After I realised the errors weren't caused by FF, I installed an older version again.


And the OTL results:
Code:
OTL logfile created on: 29.12.2011 03:56:55 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bianco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,69% Memory free
7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,55 Gb Total Space | 128,83 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive D: | 375,86 Gb Total Space | 375,76 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: VICKY | User Name: Bianco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.29 03:52:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianco\Downloads\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Anti-Malware\mbamgui.exe
PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bianco\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.11.20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.17 16:19:34 | 003,007,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.20 08:46:06 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2011.07.20 08:46:06 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV:64bit: - [2011.07.20 08:46:06 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2011.07.20 08:46:06 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2011.07.20 08:45:58 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2011.07.20 08:45:58 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2011.07.20 08:45:58 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2011.07.20 08:45:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2011.05.16 08:36:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.05.27 08:40:22 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.20 12:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.11.20 12:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.11.21 05:39:44 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.11.21 05:39:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 A7 C1 E0 3B D0 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-cache.uni-halle.de:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: gmailwatcher@sonthakit:1.47
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.29 00:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.29 00:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bianco\AppData\Roaming\5064 [2011.12.22 15:03:55 | 000,000,000 | ---D | M]
 
[2011.08.24 10:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianco\AppData\Roaming\mozilla\Extensions
[2011.12.28 16:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions
[2011.12.22 05:07:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.12.23 20:42:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.28 13:01:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.10.31 09:46:33 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.10.01 19:57:27 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\adblockpopups@jessehakanen.net
[2011.08.24 21:53:45 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.12.17 02:18:54 | 000,000,000 | ---D | M] (Gmail Watcher) -- C:\Users\Bianco\AppData\Roaming\mozilla\Firefox\Profiles\fs6947nh.default\extensions\gmailwatcher@sonthakit
[2011.12.29 00:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064
[2011.08.26 23:30:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.13 01:14:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.13 01:14:25 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.13 01:14:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.13 01:14:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.13 01:14:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bianco\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[Vimeo-12280336] Daisy Lowe for UK esquire HD - Verknüpfung.lnk = C:\Users\Bianco\Videos\Daisy Lowe for UK esquire HD.mp4 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32A44F64-7AAA-4B86-8DC3-FC1D757FDFAE}: DhcpNameServer = 192.168.25.10
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 00:58:55 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011.12.28 23:19:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.12.28 23:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2011.12.28 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\Malwarebytes
[2011.12.28 22:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 22:20:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.28 22:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware
[2011.12.28 20:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.12.28 15:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011.12.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.12.22 14:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.12.22 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.12.21 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.20 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.19 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.16 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.14 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.13 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.12 14:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2011.12.12 14:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2011.12.12 11:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.10 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.09 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.04 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.01 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.01 20:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2 C:\Users\Bianco\AppData\Roaming\*.tmp files -> C:\Users\Bianco\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 03:32:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.28 23:14:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 23:14:36 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 23:07:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.28 23:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 23:07:16 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.14 07:58:47 | 004,863,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.12 13:34:37 | 000,000,024 | ---- | M] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.09 19:39:20 | 004,540,106 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.09 19:39:20 | 001,786,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.09 19:39:20 | 001,342,482 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.09 19:39:20 | 001,193,392 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.09 19:39:20 | 000,006,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.08 20:59:41 | 000,009,979 | ---- | M] () -- C:\Users\Public\Documents\MandyBewerbungTUB.pdf
[2 C:\Users\Bianco\AppData\Roaming\*.tmp files -> C:\Users\Bianco\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.11 14:47:31 | 000,000,024 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.12.10 14:03:33 | 000,009,979 | ---- | C] () -- C:\Users\Public\Documents\MandyBewerbungTUB.pdf
[2011.09.18 13:43:44 | 000,000,337 | ---- | C] () -- C:\Users\Bianco\AppData\Local\Perfmon.PerfmonCfg
[2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.07.19 21:06:07 | 000,006,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.09 09:24:59 | 000,000,132 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.05.25 06:23:03 | 000,000,000 | ---- | C] () -- C:\Users\Bianco\AppData\Local\{951B364D-4355-4BFB-BA19-F499AA39035E}
[2010.11.21 08:33:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.21 05:12:12 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.11.21 04:06:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.05 11:15:30 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== LOP Check ==========
 
[2011.11.19 15:13:34 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5043
[2011.11.20 14:28:12 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5044
[2011.11.21 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5045
[2011.11.22 13:13:32 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5047
[2011.11.23 10:34:47 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5048
[2011.11.24 15:40:06 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5049
[2011.11.25 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5050
[2011.11.28 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5051
[2011.12.01 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.04 10:36:02 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.09 11:05:57 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.10 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.12 11:18:22 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.13 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.14 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.16 14:53:18 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.19 14:08:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.20 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.21 10:54:29 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.22 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.07.18 07:32:36 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Amazon
[2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.28 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\DAEMON Tools Lite
[2011.12.28 23:07:51 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Dropbox
[2011.06.29 09:24:04 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\FreeFLVConverter
[2011.12.29 02:42:04 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\ICQ
[2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\kock
[2010.11.21 07:21:50 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Leadertech
[2011.03.10 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Meine Traffic
[2011.01.07 17:36:52 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\MotioninJoy
[2010.11.21 06:45:14 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Mouse Recorder Pro
[2011.08.12 11:05:07 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\Samsung
[2011.08.11 19:30:48 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\TeamViewer
[2011.12.01 20:04:37 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\UAs
[2011.12.23 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\xmldm
[2011.12.02 09:44:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.12.28 11:22:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.28 23:19:55 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.11.21 07:14:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.11.21 06:06:29 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.22 15:21:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.28 23:19:54 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.28 22:20:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.11.21 04:02:20 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.09.16 09:15:52 | 000,000,000 | ---D | M] -- C:\Skins SP
[2011.12.29 03:57:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.22 15:18:01 | 000,000,000 | ---D | M] -- C:\Temp
[2010.11.21 04:02:32 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.28 23:07:15 | 000,000,000 | ---D | M] -- C:\Windows
[2011.12.06 15:14:36 | 000,000,000 | ---D | M] -- C:\Zipster
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
Code:
OTL Extras logfile created on: 29.12.2011 03:56:55 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bianco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 57,69% Memory free
7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 555,55 Gb Total Space | 128,83 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive D: | 375,86 Gb Total Space | 375,76 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: VICKY | User Name: Bianco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MiKTeX 2.9" = MiKTeX 2.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.20
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71BF8787-A67D-4CBC-9155-22927199F4BB}" = TP-LINK Wireless Client Utility
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.6.0
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Black Prophecy_is1" = Black Prophecy
"DAEMON Tools Lite" = DAEMON Tools Lite
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TeamViewer 6" = TeamViewer 6
"TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 3
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:03:57 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.12.2011 20:04:28 | Computer Name = Vicky | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 28.12.2011 19:27:49 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 19:29:56 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 19:40:12 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 20:00:19 | Computer Name = Vicky | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.12.2011 20:00:19 | Computer Name = Vicky | Source = Service Control Manager | ID = 7000
Description = Der Dienst "RkPavproc1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 28.12.2011 20:23:21 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 21:12:01 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 21:28:38 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 22:02:09 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.12.2011 22:32:22 | Computer Name = Vicky | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         

And so, at first glance, a prognosis: is there anything seriously dangerous in there, and is a reinstall unavoidable?

Alt 29.12.2011, 06:43   #2
Chris4You
 
Hi,

hey you silly goose, you have got loads of trojans, backdoors and password stealers on there, if that's not serious... ;o)..
Change all passwords immediately, from a clean computer...

Have the files checked online
  • Go to the Virustotal site, click the "Browse" button and locate the following file(s):
Code:
C:\Windows\MusiccityDownload.exe
C:\Windows\lsb_un20.exe
         
  • Now upload each/all of the file(s) one after the other and wait until the scan is finished. (Can take up to 2 minutes.)
  • Afterwards post the result of the analysis: copy everything and paste it into a post.
  • Important: copy the size information and the HASH as well!

Fix for OTL
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
:OTL
[2011.12.22 15:03:55 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BIANCO\APPDATA\ROAMING\5064
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell - "" = AutoRun
O33 - MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\Shell\AutoRun\command - "" = G:\Startme.exe
[2011.12.12 11:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5056
[2011.12.10 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5055
[2011.12.09 11:05:57 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5054
[2011.12.04 10:36:02 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5053
[2011.12.01 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5052
[2011.12.21 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5063
[2011.12.20 18:23:30 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5062
[2011.12.19 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5061
[2011.12.16 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5060
[2011.12.14 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5059
[2011.12.13 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5058
[2011.12.22 15:03:55 | 000,000,000 | ---D | C] -- C:\Users\Bianco\AppData\Roaming\5064
[2011.12.11 14:47:31 | 000,000,024 | ---- | C] () -- C:\Users\Bianco\AppData\Roaming\urhtps.dat
[2011.04.22 15:30:35 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.19 04:20:05 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\kock
[2011.12.23 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bianco\AppData\Roaming\xmldm

:Commands
[emptytemp]
[Reboot]
         
  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After launch a window appears; there choose "Start Scan".
When the scan is finished please select "Report". A window opens; copy the text and post it here...

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris
__________________

__________________
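Added example, not code from the thread, from OTL or from Malwarebytes: a small triage helper for OTL file listings of the kind posted above. It parses the `[date | size | attrs | M] (Company) MD5=... -- path` lines, groups copies by file name, and flags copies that carry no or an unexpected company name, sit outside the Windows directory, or have an MD5 that none of the expected-vendor copies share. The six winlogon.exe lines are taken from the OTL log in the thread; the company string OTL prints is a hint only, not a signature check, so a flagged entry means "review this", not "this is malicious". The `describe_for_submission` helper produces the size and hashes that the instructions above ask to be posted along with a VirusTotal result; the `SAMPLE_LINES`, `triage` and `describe_for_submission` names are mine.

```python
"""Triage helper for OTL file listings (added example, not OTL's own code).

OTL prints one line per file:

  [date time | size | attrs | M] (Company) MD5=<hex> -- <path>

We parse those lines, group copies by file name and report copies that a
human should look at.  The company string is a hint, not a signature check.
"""
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

OTL_LINE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# The six winlogon.exe entries from the OTL log posted in this thread (page data).
SAMPLE_LINES = [
    r"[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe",
    r"[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe",
    r"[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe",
    r"[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe",
    r"[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Anti-Malware\Chameleon\winlogon.exe",
    r"[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe",
]


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None if the line has another shape."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))   # "000,390,656" -> 390656
    entry["md5"] = entry["md5"].upper()
    entry["name"] = PureWindowsPath(entry["path"]).name.lower()
    return entry


def triage(lines, expected_company="Microsoft Corporation",
           trusted_prefixes=("c:\\windows\\",)):
    """Group entries by file name and flag copies that deserve a look.

    Reasons reported per flagged copy:
      'no company name'      - OTL printed an empty () for the file
      'unexpected company'   - the company string differs from expected_company
      'outside trusted dirs' - the path is not under any trusted prefix
      'md5 unknown'          - the MD5 matches none of the copies that carry the
                               expected company name under a trusted directory
    Returns {file_name: [(path, [reasons...]), ...]} for flagged copies only.
    """
    entries = [e for e in map(parse_otl_line, lines) if e]
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = {}
    for name, copies in by_name.items():
        reference_md5s = {
            c["md5"] for c in copies
            if c["company"] == expected_company
            and c["path"].lower().startswith(trusted_prefixes)
        }
        for c in copies:
            reasons = []
            if not c["company"]:
                reasons.append("no company name")
            elif c["company"] != expected_company:
                reasons.append("unexpected company")
            if not c["path"].lower().startswith(trusted_prefixes):
                reasons.append("outside trusted dirs")
            if c["md5"] not in reference_md5s:
                reasons.append("md5 unknown")
            if reasons:
                findings.setdefault(name, []).append((c["path"], reasons))
    return findings


def describe_for_submission(data):
    """Size and hashes to post alongside a VirusTotal result for a file's bytes."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LINES).items():
        for path, reasons in hits:
            print(f"{name}: {path}\n    -> {', '.join(reasons)}")
```

Run against the six lines, only the copy under `C:\Program Files (x86)\Anti-Malware\Chameleon\` is reported (empty company name, outside `C:\Windows\`, MD5 shared with no Microsoft-labelled copy); the winsxs copies differ in MD5 from the live `SysNative` one but each carries the expected company name under a trusted directory, so they are treated as references rather than findings. To check a file one is about to upload, read its bytes and pass them to `describe_for_submission`.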

Alt 29.12.2011, 11:04   #3
Bexod
 
Great, figures. ^^
After MBAM had found nothing more, I thought the worst was over. Well, no.

Thanks for the quick reply. Here they are, in order: (really everything is pasted in here, but actually one would only need the "Additional information", right?)

Code:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
MusiccityDownload.exe
Submission date:
2011-12-29 08:19:54 (UTC)
Current status:
queued (#5) queued analysing finished
Result:
0/ 43 (0.0%)
	
VT Community

not reviewed
 Safety score: - 
Compact
Print results
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.12.28.03	2011.12.28	-
AntiVir	7.11.20.64	2011.12.29	-
Antiy-AVL	2.0.3.7	2011.12.29	-
Avast	6.0.1289.0	2011.12.28	-
AVG	10.0.0.1190	2011.12.29	-
BitDefender	7.2	2011.12.29	-
ByteHero	1.0.0.1	2011.12.07	-
CAT-QuickHeal	12.00	2011.12.29	-
ClamAV	0.97.3.0	2011.12.29	-
Commtouch	5.3.2.6	2011.12.29	-
Comodo	11126	2011.12.29	-
DrWeb	5.0.2.03300	2011.12.29	-
Emsisoft	5.1.0.11	2011.12.29	-
eSafe	7.0.17.0	2011.12.29	-
eTrust-Vet	37.0.9652	2011.12.29	-
F-Prot	4.6.5.141	2011.12.28	-
F-Secure	9.0.16440.0	2011.12.29	-
Fortinet	4.3.388.0	2011.12.29	-
GData	22.324/22.610	2011.12.29	-
Ikarus	T3.1.1.109.0	2011.12.29	-
Jiangmin	13.0.900	2011.12.28	-
K7AntiVirus	9.120.5796	2011.12.28	-
Kaspersky	9.0.0.837	2011.12.29	-
McAfee	5.400.0.1158	2011.12.29	-
McAfee-GW-Edition	2010.1E	2011.12.28	-
Microsoft	1.7903	2011.12.29	-
NOD32	6750	2011.12.29	-
Norman	6.07.13	2011.12.28	-
nProtect	2011-12-29.01	2011.12.29	-
Panda	10.0.3.5	2011.12.29	-
PCTools	8.0.0.5	2011.12.29	-
Prevx	3.0	2011.12.29	-
Rising	23.90.03.01	2011.12.29	-
Sophos	4.72.0	2011.12.29	-
SUPERAntiSpyware	4.40.0.1006	2011.12.28	-
Symantec	20111.2.0.82	2011.12.29	-
TheHacker	6.7.0.1.367	2011.12.29	-
TrendMicro	9.500.0.1008	2011.12.29	-
TrendMicro-HouseCall	9.500.0.1008	2011.12.29	-
VBA32	3.12.16.4	2011.12.29	-
VIPRE	11319	2011.12.29	-
ViRobot	2011.12.29.4852	2011.12.29	-
VirusBuster	14.1.138.0	2011.12.28	-
Additional information
Show all
MD5   : 35783ff1ccab7cfbfe799ef8d6476c0d
SHA1  : ad563aa5d439a32e085d657759d7d734b95d0d06
SHA256: 7f5e34f7f1376ef8e9137d3c2ddba192e2b9ca18e6e85298dbe99d5efe1658af
ssdeep: 192:PRRXHQIQ1+yte3fuUivuL1oynfY3/8YYsLwXozvyIl5x/THSyowJL/aMjGwP7XMK:JdtQkn
ic1RY3/z0ox5BWYJLWAhbj5n
File size : 30568 bytes
First seen: 2010-05-09 19:31:37
Last seen : 2011-12-29 08:19:54
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2007
product......: NYEDownload __ ____
description..: NYEDownload MFC __ ____
original name: NYEDownload.EXE
internal name: NYEDownload
file version.: 1, 0, 2007, 927
comments.....:
signers......: MarkAny Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:54 16/11/2009
verified.....: -
PEiD: Armadillo v1.71
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x192E
timedatestamp....: 0x47C619E0 (Thu Feb 28 02:18:08 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xBB2, 0x1000, 4.55, 96d0e663281dfa8971576b8aceced951
.rdata, 0x2000, 0xB20, 0x1000, 3.87, fb8447ef3496befaeca37c92debbadb7
.data, 0x3000, 0x188, 0x1000, 0.25, 635f6272ed391f39526f0cf578cd9ea4
.rsrc, 0x4000, 0x19F0, 0x2000, 3.98, 5b8122b5627eb6bdfc15a362d9bc43be

[[ 4 import(s) ]]
MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
MSVCRT.dll: _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, __CxxFrameHandler, strncpy, _mbscmp, _setmbcp, __setusermatherr
KERNEL32.dll: GetVersionExA, LoadLibraryA, MoveFileA, GetLastError, CreateMutexA, CloseHandle, GetModuleHandleA, GetStartupInfoA, GetProcAddress
USER32.dll: PostMessageA, EnableWindow
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 4096
Comments:
CompanyName:
EntryPoint: 0x192e
FileDescription: NYEDownload MFC
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 30 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 1, 0, 2007, 927
FileVersionNumber: 1.0.2007.927
ImageVersion: 0.0
InitializedDataSize: 16384
InternalName: NYEDownload
LanguageCode: Korean
LegalCopyright: Copyright (C) 2007
LegalTrademarks:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: NYEDownload.EXE
PEType: PE32
PrivateBuild:
ProductName: NYEDownload
ProductVersion: 1, 0, 2007, 927
ProductVersionNumber: 1.0.2007.927
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:02:28 03:18:08+01:00
UninitializedDataSize: 0

         
Next:
Code:
ATTFilter
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
lsb_un20.exe
Submission date:
2011-12-29 08:25:45 (UTC)
Current status:
queued (#5) queued (#8) analysing finished
Result:
0/ 43 (0.0%)
	
VT Community

not reviewed
 Safety score: - 
Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.12.28.03	2011.12.28	-
AntiVir	7.11.20.64	2011.12.29	-
Antiy-AVL	2.0.3.7	2011.12.29	-
Avast	6.0.1289.0	2011.12.28	-
AVG	10.0.0.1190	2011.12.29	-
BitDefender	7.2	2011.12.29	-
ByteHero	1.0.0.1	2011.12.07	-
CAT-QuickHeal	12.00	2011.12.29	-
ClamAV	0.97.3.0	2011.12.29	-
Commtouch	5.3.2.6	2011.12.29	-
Comodo	11126	2011.12.29	-
DrWeb	5.0.2.03300	2011.12.29	-
Emsisoft	5.1.0.11	2011.12.29	-
eSafe	7.0.17.0	2011.12.29	-
eTrust-Vet	37.0.9652	2011.12.29	-
F-Prot	4.6.5.141	2011.12.28	-
F-Secure	9.0.16440.0	2011.12.29	-
Fortinet	4.3.388.0	2011.12.29	-
GData	22	2011.12.29	-
Ikarus	T3.1.1.109.0	2011.12.29	-
Jiangmin	13.0.900	2011.12.28	-
K7AntiVirus	9.120.5796	2011.12.28	-
Kaspersky	9.0.0.837	2011.12.29	-
McAfee	5.400.0.1158	2011.12.29	-
McAfee-GW-Edition	2010.1E	2011.12.28	-
Microsoft	1.7903	2011.12.29	-
NOD32	6750	2011.12.29	-
Norman	6.07.13	2011.12.28	-
nProtect	2011-12-29.01	2011.12.29	-
Panda	10.0.3.5	2011.12.29	-
PCTools	8.0.0.5	2011.12.29	-
Prevx	3.0	2011.12.29	-
Rising	23.90.03.01	2011.12.29	-
Sophos	4.72.0	2011.12.29	-
SUPERAntiSpyware	4.40.0.1006	2011.12.28	-
Symantec	20111.2.0.82	2011.12.29	-
TheHacker	6.7.0.1.367	2011.12.29	-
TrendMicro	9.500.0.1008	2011.12.29	-
TrendMicro-HouseCall	9.500.0.1008	2011.12.29	-
VBA32	3.12.16.4	2011.12.29	-
VIPRE	11319	2011.12.29	-
ViRobot	2011.12.29.4852	2011.12.29	-
VirusBuster	14.1.138.0	2011.12.28	-
Additional information
MD5   : cc192386468bd7faf7624155877a7d2a
SHA1  : ed7445dd32c224ae889957c8e6d551f5998818a3
SHA256: e881b88e0461fb4da8cc8a4a6d99a5b3be9e2095d8b7b14d98475dfd39e9d4ce
ssdeep: 3072:Pp62QlvbyT7XbXxIuTfM7CE1jK62Ay/neAQ:PohbyT7XFIujM7JjKmN
File size : 119808 bytes
First seen: 2006-05-23 17:25:04
Last seen : 2011-12-29 08:25:45
TrID:
Win32 Executable Delphi generic (39.8%)
Win32 Executable Generic (23.1%)
Win32 Dynamic Link Library (generic) (20.5%)
Win16/32 Executable Delphi generic (5.6%)
Generic Win/DOS Executable (5.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 2.2.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x19C78
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x18C94, 0x18E00, 6.42, b162cb438439918f24e2f3740c814bae
DATA, 0x1A000, 0x648, 0x800, 2.46, 8a8607d9ea3e3ac47db174d76b360358
BSS, 0x1B000, 0xED1, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x1C000, 0x1282, 0x1400, 4.68, 7896e0b1dde4d1edd20e832c933b63b8
.tls, 0x1E000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x1F000, 0x18, 0x200, 0.20, 95d7b101355c0c7bebac855893290c7d
.reloc, 0x20000, 0x1B2C, 0x1C00, 6.63, 17acf8fcf1411df23fb7f64c614d2d71
.rsrc, 0x22000, 0x800, 0x800, 4.09, 5d2ca4758dc8018ffb30edfccdf8a36e

[[ 14 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll: GetKeyboardType, MessageBoxA
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll: VariantCopyInd, VariantClear, SysFreeString, SysReAllocStringLen
kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA
advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey
kernel32.dll: WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualFree, VirtualAlloc, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReleaseSemaphore, ReadFile, MulDiv, MoveFileExA, LoadLibraryExA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVersionExA, GetTickCount, GetThreadLocale, GetSystemDirectoryA, GetShortPathNameA, GetProcAddress, GetModuleHandleA, GetLocaleInfoA, GetLastError, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetCurrentThreadId, GetCommandLineW, FreeLibrary, FindFirstFileA, FindClose, ExpandEnvironmentStringsA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateProcessA, CreateFileA, CloseHandle
gdi32.dll: SetViewportOrgEx, SetTextColor, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, RealizePalette, PtVisible, Polyline, IntersectClipRect, GetTextMetricsA, GetTextExtentPoint32A, GetTextCharacterExtra, GetStockObject, GetObjectA, GetDeviceCaps, GetCurrentObject, GetClipRgn, GetClipBox, GetCharWidthA, GetCharABCWidthsA, ExtTextOutA, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePen, CreateHalftonePalette, CreateFontIndirectA, CreateCompatibleDC, CreateBitmap, BitBlt
user32.dll: VkKeyScanA, UpdateWindow, TranslateMessage, ShowWindow, SetWindowPos, SetWindowLongA, SetTimer, SetPropA, SetParent, SetForegroundWindow, SetFocus, SetCapture, SetActiveWindow, SendMessageA, RemovePropA, ReleaseDC, ReleaseCapture, RegisterClassA, RedrawWindow, PostQuitMessage, PostMessageA, PeekMessageA, MapWindowPoints, LoadIconA, LoadCursorA, KillTimer, IsWindowVisible, IsWindowEnabled, InvalidateRect, GetWindowRect, GetWindowLongA, GetSystemMetrics, GetSysColor, GetPropA, GetWindow, GetMessageA, GetIconInfo, GetFocus, GetDlgItem, GetDialogBaseUnits, GetDC, GetClientRect, GetActiveWindow, FillRect, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, DrawTextExA, DrawIconEx, DispatchMessageA, DestroyWindow, DestroyIcon, DestroyCursor, DefWindowProcA, CreateWindowExA, CopyImage, CallWindowProcA, BeginPaint, AdjustWindowRectEx
ole32.dll: OleUninitialize, OleInitialize
shell32.dll: ShellExecuteExA
shell32.dll: SHChangeNotify
comctl32.dll: InitCommonControls
user32.dll: GetUpdateRect
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 101888
EntryPoint: 0x19c78
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 117 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 2.2.0.0
FileVersionNumber: 2.1.0.0
ImageVersion: 0.0
InitializedDataSize: 16896
LanguageCode: Italian
LinkerVersion: 2.25
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 1.0
ObjectFileType: Executable application
PEType: PE32
ProductVersionNumber: 2.1.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1992:06:20 00:22:17+02:00
UninitializedDataSize: 0

         
Okay, and the result of the OTL fix is here:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\USERS\BIANCO\APPDATA\ROAMING\5064\components folder moved successfully.
C:\USERS\BIANCO\APPDATA\ROAMING\5064 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14edffcb-7f7d-11e0-a1cd-1c6f6548819b}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{307f1ce2-e67d-11e0-84d4-1c6f6548819b}\ not found.
File G:\Startme.exe not found.
C:\Users\Bianco\AppData\Roaming\5056\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5056 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5055\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5055 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5054\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5054 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5053\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5053 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5052\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5052 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5063\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5063 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5062\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5062 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5061\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5061 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5060\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5060 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5059\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5059 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5058\components folder moved successfully.
C:\Users\Bianco\AppData\Roaming\5058 folder moved successfully.
Folder C:\Users\Bianco\AppData\Roaming\5064\ not found.
C:\Users\Bianco\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg\de_DE folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\HelpCfg folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#ApplicationUpdater folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store folder moved successfully.
C:\Users\Bianco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 folder moved successfully.
C:\Users\Bianco\AppData\Roaming\kock folder moved successfully.
C:\Users\Bianco\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bianco
->Temp folder emptied: 89173092 bytes
->Temporary Internet Files folder emptied: 12384606 bytes
->Java cache emptied: 9493219 bytes
->FireFox cache emptied: 44312739 bytes
->Flash cache emptied: 3949 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 148,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_093638

Files\Folders moved on Reboot...
C:\Users\Bianco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         


So now we have a problem with TDSSKiller. It initializes, but only up to 80%, then nothing happens for minutes. It is still running right now... ah, now it does:
Code:
ATTFilter
09:49:44.0780 3316	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:49:44.0842 3316	============================================================
09:49:44.0842 3316	Current date / time: 2011/12/29 09:49:44.0842
09:49:44.0842 3316	SystemInfo:
09:49:44.0842 3316	
09:49:44.0842 3316	OS Version: 6.1.7601 ServicePack: 1.0
09:49:44.0842 3316	Product type: Workstation
09:49:44.0842 3316	ComputerName: VICKY
09:49:44.0842 3316	UserName: Bianco
09:49:44.0842 3316	Windows directory: C:\Windows
09:49:44.0842 3316	System windows directory: C:\Windows
09:49:44.0842 3316	Running under WOW64
09:49:44.0842 3316	Processor architecture: Intel x64
09:49:44.0842 3316	Number of processors: 4
09:49:44.0842 3316	Page size: 0x1000
09:49:44.0842 3316	Boot type: Normal boot
09:49:44.0842 3316	============================================================
09:50:51.0579 3316	Initialize success
09:51:07.0616 4500	============================================================
09:51:07.0616 4500	Scan started
09:51:07.0616 4500	Mode: Manual; 
09:51:07.0616 4500	============================================================
09:51:08.0068 4500	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:51:08.0084 4500	1394ohci - ok
09:51:08.0146 4500	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:51:08.0162 4500	ACPI - ok
09:51:08.0193 4500	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:51:08.0193 4500	AcpiPmi - ok
09:51:08.0271 4500	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:51:08.0287 4500	adp94xx - ok
09:51:08.0318 4500	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:51:08.0318 4500	adpahci - ok
09:51:08.0334 4500	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:51:08.0349 4500	adpu320 - ok
09:51:08.0396 4500	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
09:51:08.0412 4500	AFD - ok
09:51:08.0427 4500	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:51:08.0427 4500	agp440 - ok
09:51:08.0443 4500	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:51:08.0443 4500	aliide - ok
09:51:08.0458 4500	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:51:08.0458 4500	amdide - ok
09:51:08.0474 4500	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:51:08.0474 4500	AmdK8 - ok
09:51:08.0490 4500	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:51:08.0490 4500	AmdPPM - ok
09:51:08.0521 4500	amdsata         (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
09:51:08.0521 4500	amdsata - ok
09:51:08.0552 4500	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:51:08.0552 4500	amdsbs - ok
09:51:08.0568 4500	amdxata         (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
09:51:08.0568 4500	amdxata - ok
09:51:08.0599 4500	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:51:08.0614 4500	AppID - ok
09:51:08.0646 4500	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:51:08.0646 4500	arc - ok
09:51:08.0661 4500	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:51:08.0661 4500	arcsas - ok
09:51:08.0692 4500	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:51:08.0692 4500	AsyncMac - ok
09:51:08.0724 4500	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:51:08.0724 4500	atapi - ok
09:51:08.0770 4500	athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
09:51:08.0786 4500	athr - ok
09:51:08.0817 4500	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:51:08.0817 4500	AtiPcie - ok
09:51:08.0833 4500	AVFSFilter - ok
09:51:08.0880 4500	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:51:08.0895 4500	b06bdrv - ok
09:51:08.0911 4500	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:51:08.0911 4500	b57nd60a - ok
09:51:08.0926 4500	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:51:08.0942 4500	Beep - ok
09:51:08.0958 4500	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:51:08.0958 4500	blbdrive - ok
09:51:09.0004 4500	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:51:09.0004 4500	bowser - ok
09:51:09.0020 4500	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:51:09.0020 4500	BrFiltLo - ok
09:51:09.0036 4500	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:51:09.0036 4500	BrFiltUp - ok
09:51:09.0067 4500	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:51:09.0067 4500	Brserid - ok
09:51:09.0082 4500	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:51:09.0082 4500	BrSerWdm - ok
09:51:09.0098 4500	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:51:09.0098 4500	BrUsbMdm - ok
09:51:09.0114 4500	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:51:09.0114 4500	BrUsbSer - ok
09:51:09.0176 4500	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
09:51:09.0176 4500	BthEnum - ok
09:51:09.0192 4500	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:51:09.0192 4500	BTHMODEM - ok
09:51:09.0238 4500	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
09:51:09.0238 4500	BthPan - ok
09:51:09.0285 4500	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
09:51:09.0301 4500	BTHPORT - ok
09:51:09.0316 4500	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
09:51:09.0332 4500	BTHUSB - ok
09:51:09.0348 4500	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:51:09.0348 4500	cdfs - ok
09:51:09.0410 4500	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:51:09.0410 4500	cdrom - ok
09:51:09.0441 4500	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:51:09.0441 4500	circlass - ok
09:51:09.0472 4500	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:51:09.0472 4500	CLFS - ok
09:51:09.0519 4500	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:51:09.0519 4500	CmBatt - ok
09:51:09.0550 4500	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:51:09.0550 4500	cmdide - ok
09:51:09.0597 4500	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
09:51:09.0597 4500	CNG - ok
09:51:09.0613 4500	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:51:09.0613 4500	Compbatt - ok
09:51:09.0660 4500	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:51:09.0660 4500	CompositeBus - ok
09:51:09.0691 4500	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:51:09.0691 4500	crcdisk - ok
09:51:09.0753 4500	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:51:09.0769 4500	DfsC - ok
09:51:09.0784 4500	dgderdrv - ok
09:51:09.0816 4500	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:51:09.0831 4500	discache - ok
09:51:09.0940 4500	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:51:09.0940 4500	Disk - ok
09:51:10.0034 4500	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:51:10.0034 4500	Dot4 - ok
09:51:10.0081 4500	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
09:51:10.0096 4500	Dot4Print - ok
09:51:10.0112 4500	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:51:10.0112 4500	dot4usb - ok
09:51:10.0143 4500	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:51:10.0143 4500	drmkaud - ok
09:51:10.0190 4500	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:51:10.0190 4500	dtsoftbus01 - ok
09:51:10.0237 4500	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:51:10.0237 4500	DXGKrnl - ok
09:51:10.0299 4500	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:51:10.0330 4500	ebdrv - ok
09:51:10.0377 4500	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:51:10.0377 4500	elxstor - ok
09:51:10.0424 4500	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:51:10.0424 4500	ErrDev - ok
09:51:10.0455 4500	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:51:10.0471 4500	exfat - ok
09:51:10.0486 4500	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:51:10.0486 4500	fastfat - ok
09:51:10.0502 4500	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:51:10.0502 4500	fdc - ok
09:51:10.0533 4500	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:51:10.0533 4500	FileInfo - ok
09:51:10.0549 4500	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:51:10.0549 4500	Filetrace - ok
09:51:10.0564 4500	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:51:10.0564 4500	flpydisk - ok
09:51:10.0611 4500	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:51:10.0627 4500	FltMgr - ok
09:51:10.0642 4500	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:51:10.0642 4500	FsDepends - ok
09:51:10.0658 4500	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:51:10.0658 4500	Fs_Rec - ok
09:51:10.0720 4500	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:51:10.0720 4500	fvevol - ok
09:51:10.0752 4500	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:51:10.0752 4500	gagp30kx - ok
09:51:10.0783 4500	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
09:51:10.0814 4500	gdrv - ok
09:51:10.0845 4500	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
09:51:10.0861 4500	GVTDrv64 - ok
09:51:10.0908 4500	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
09:51:10.0908 4500	hamachi - ok
09:51:10.0939 4500	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:51:10.0939 4500	hcw85cir - ok
09:51:11.0001 4500	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:51:11.0017 4500	HdAudAddService - ok
09:51:11.0064 4500	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:51:11.0064 4500	HDAudBus - ok
09:51:11.0095 4500	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:51:11.0095 4500	HidBatt - ok
09:51:11.0110 4500	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:51:11.0110 4500	HidBth - ok
09:51:11.0126 4500	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:51:11.0126 4500	HidIr - ok
09:51:11.0173 4500	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:51:11.0173 4500	HidUsb - ok
09:51:11.0188 4500	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:51:11.0188 4500	HpSAMD - ok
09:51:11.0266 4500	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:51:11.0282 4500	HTTP - ok
09:51:11.0313 4500	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:51:11.0313 4500	hwpolicy - ok
09:51:11.0329 4500	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:51:11.0329 4500	i8042prt - ok
09:51:11.0376 4500	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:51:11.0376 4500	iaStorV - ok
09:51:11.0407 4500	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:51:11.0407 4500	iirsp - ok
09:51:11.0516 4500	IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
09:51:11.0532 4500	IntcAzAudAddService - ok
09:51:11.0563 4500	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:51:11.0563 4500	intelide - ok
09:51:11.0594 4500	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:51:11.0594 4500	intelppm - ok
09:51:11.0641 4500	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:51:11.0641 4500	IpFilterDriver - ok
09:51:11.0672 4500	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:51:11.0672 4500	IPMIDRV - ok
09:51:11.0688 4500	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:51:11.0688 4500	IPNAT - ok
09:51:11.0719 4500	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:51:11.0719 4500	IRENUM - ok
09:51:11.0734 4500	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:51:11.0734 4500	isapnp - ok
09:51:11.0750 4500	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:51:11.0750 4500	iScsiPrt - ok
09:51:11.0781 4500	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:51:11.0797 4500	kbdclass - ok
09:51:11.0812 4500	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:51:11.0812 4500	kbdhid - ok
09:51:11.0844 4500	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
09:51:11.0844 4500	KSecDD - ok
09:51:11.0875 4500	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
09:51:11.0875 4500	KSecPkg - ok
09:51:11.0890 4500	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:51:11.0890 4500	ksthunk - ok
09:51:11.0953 4500	LHidFilt        (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:51:11.0953 4500	LHidFilt - ok
09:51:11.0968 4500	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:51:11.0968 4500	lltdio - ok
09:51:12.0000 4500	LMouFilt        (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:51:12.0000 4500	LMouFilt - ok
09:51:12.0015 4500	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:51:12.0031 4500	LSI_FC - ok
09:51:12.0046 4500	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:51:12.0046 4500	LSI_SAS - ok
09:51:12.0062 4500	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:51:12.0062 4500	LSI_SAS2 - ok
09:51:12.0093 4500	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:51:12.0093 4500	LSI_SCSI - ok
09:51:12.0109 4500	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:51:12.0109 4500	luafv - ok
09:51:12.0171 4500	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
09:51:12.0171 4500	MBAMProtector - ok
09:51:12.0202 4500	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:51:12.0202 4500	megasas - ok
09:51:12.0218 4500	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:51:12.0218 4500	MegaSR - ok
09:51:12.0249 4500	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:51:12.0249 4500	Modem - ok
09:51:12.0265 4500	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:51:12.0265 4500	monitor - ok
09:51:12.0327 4500	MotioninJoyXFilter (16f9f464da6e02a020bce626c56a1797) C:\Windows\system32\DRIVERS\MijXfilt.sys
09:51:12.0343 4500	MotioninJoyXFilter - ok
09:51:12.0358 4500	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:51:12.0358 4500	mouclass - ok
09:51:12.0374 4500	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:51:12.0390 4500	mouhid - ok
09:51:12.0421 4500	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:51:12.0421 4500	mountmgr - ok
09:51:12.0452 4500	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
09:51:12.0452 4500	MpFilter - ok
09:51:12.0514 4500	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:51:12.0514 4500	mpio - ok
09:51:12.0546 4500	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:51:12.0546 4500	MpNWMon - ok
09:51:12.0561 4500	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:51:12.0577 4500	mpsdrv - ok
09:51:12.0608 4500	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:51:12.0608 4500	MRxDAV - ok
09:51:12.0655 4500	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:51:12.0655 4500	mrxsmb - ok
09:51:12.0702 4500	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:51:12.0717 4500	mrxsmb10 - ok
09:51:12.0733 4500	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:51:12.0748 4500	mrxsmb20 - ok
09:51:12.0780 4500	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:51:12.0780 4500	msahci - ok
09:51:12.0795 4500	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:51:12.0795 4500	msdsm - ok
09:51:12.0842 4500	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:51:12.0842 4500	Msfs - ok
09:51:12.0873 4500	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:51:12.0889 4500	mshidkmdf - ok
09:51:12.0920 4500	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:51:12.0920 4500	msisadrv - ok
09:51:12.0951 4500	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:51:12.0951 4500	MSKSSRV - ok
09:51:12.0998 4500	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:51:12.0998 4500	MSPCLOCK - ok
09:51:13.0014 4500	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:51:13.0029 4500	MSPQM - ok
09:51:13.0076 4500	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:51:13.0076 4500	MsRPC - ok
09:51:13.0092 4500	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:51:13.0092 4500	mssmbios - ok
09:51:13.0123 4500	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:51:13.0123 4500	MSTEE - ok
09:51:13.0123 4500	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:51:13.0123 4500	MTConfig - ok
09:51:13.0154 4500	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:51:13.0154 4500	Mup - ok
09:51:13.0185 4500	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:51:13.0185 4500	NativeWifiP - ok
09:51:13.0248 4500	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:51:13.0279 4500	NDIS - ok
09:51:13.0294 4500	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:51:13.0294 4500	NdisCap - ok
09:51:13.0310 4500	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:51:13.0310 4500	NdisTapi - ok
09:51:13.0357 4500	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:51:13.0357 4500	Ndisuio - ok
09:51:13.0388 4500	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:51:13.0388 4500	NdisWan - ok
09:51:13.0435 4500	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:51:13.0435 4500	NDProxy - ok
09:51:13.0466 4500	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:51:13.0466 4500	NetBIOS - ok
09:51:13.0482 4500	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:51:13.0497 4500	NetBT - ok
09:51:13.0560 4500	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:51:13.0560 4500	nfrd960 - ok
09:51:13.0606 4500	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:51:13.0606 4500	NisDrv - ok
09:51:13.0622 4500	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:51:13.0638 4500	Npfs - ok
09:51:13.0653 4500	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:51:13.0653 4500	nsiproxy - ok
09:51:13.0716 4500	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:51:13.0731 4500	Ntfs - ok
09:51:13.0747 4500	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:51:13.0747 4500	Null - ok
09:51:13.0778 4500	nusb3hub        (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
09:51:13.0778 4500	nusb3hub - ok
09:51:13.0809 4500	nusb3xhc        (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
09:51:13.0809 4500	nusb3xhc - ok
09:51:13.0809 4500	NVHDA - ok
09:51:14.0028 4500	nvlddmkm        (10ad52b18792420e27bd5a0e912b1891) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:51:14.0090 4500	nvlddmkm - ok
09:51:14.0121 4500	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:51:14.0121 4500	nvraid - ok
09:51:14.0152 4500	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:51:14.0152 4500	nvstor - ok
09:51:14.0215 4500	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:51:14.0215 4500	nv_agp - ok
09:51:14.0246 4500	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:51:14.0246 4500	ohci1394 - ok
09:51:14.0293 4500	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:51:14.0293 4500	Parport - ok
09:51:14.0324 4500	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:51:14.0340 4500	partmgr - ok
09:51:14.0386 4500	pavboot         (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
09:51:14.0386 4500	pavboot - ok
09:51:14.0402 4500	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:51:14.0402 4500	pci - ok
09:51:14.0433 4500	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:51:14.0433 4500	pciide - ok
09:51:14.0464 4500	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:51:14.0464 4500	pcmcia - ok
09:51:14.0480 4500	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:51:14.0480 4500	pcw - ok
09:51:14.0511 4500	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:51:14.0511 4500	PEAUTH - ok
09:51:14.0589 4500	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:51:14.0589 4500	PptpMiniport - ok
09:51:14.0605 4500	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:51:14.0605 4500	Processor - ok
09:51:14.0667 4500	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:51:14.0667 4500	Psched - ok
09:51:14.0714 4500	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:51:14.0745 4500	ql2300 - ok
09:51:14.0761 4500	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:51:14.0761 4500	ql40xx - ok
09:51:14.0792 4500	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:51:14.0792 4500	QWAVEdrv - ok
09:51:14.0792 4500	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:51:14.0792 4500	RasAcd - ok
09:51:14.0823 4500	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:51:14.0823 4500	RasAgileVpn - ok
09:51:14.0870 4500	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:51:14.0870 4500	Rasl2tp - ok
09:51:14.0886 4500	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:51:14.0886 4500	RasPppoe - ok
09:51:14.0917 4500	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:51:14.0917 4500	RasSstp - ok
09:51:14.0979 4500	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:51:14.0979 4500	rdbss - ok
09:51:14.0995 4500	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:51:15.0010 4500	rdpbus - ok
09:51:15.0026 4500	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:51:15.0026 4500	RDPCDD - ok
09:51:15.0042 4500	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:51:15.0042 4500	RDPENCDD - ok
09:51:15.0073 4500	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:51:15.0073 4500	RDPREFMP - ok
09:51:15.0104 4500	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:51:15.0104 4500	RDPWD - ok
09:51:15.0151 4500	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:51:15.0151 4500	rdyboost - ok
09:51:15.0213 4500	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:51:15.0229 4500	RFCOMM - ok
09:51:15.0260 4500	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:51:15.0260 4500	rspndr - ok
09:51:15.0307 4500	RTL8167         (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:51:15.0307 4500	RTL8167 - ok
09:51:15.0338 4500	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:51:15.0338 4500	sbp2port - ok
09:51:15.0385 4500	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:51:15.0385 4500	scfilter - ok
09:51:15.0416 4500	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:51:15.0416 4500	secdrv - ok
09:51:15.0447 4500	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:51:15.0447 4500	Serenum - ok
09:51:15.0463 4500	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:51:15.0463 4500	Serial - ok
09:51:15.0478 4500	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:51:15.0478 4500	sermouse - ok
09:51:15.0525 4500	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:51:15.0525 4500	sffdisk - ok
09:51:15.0541 4500	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:51:15.0541 4500	sffp_mmc - ok
09:51:15.0572 4500	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:51:15.0572 4500	sffp_sd - ok
09:51:15.0572 4500	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:51:15.0572 4500	sfloppy - ok
09:51:15.0603 4500	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:51:15.0603 4500	SiSRaid2 - ok
09:51:15.0619 4500	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:51:15.0619 4500	SiSRaid4 - ok
09:51:15.0634 4500	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:51:15.0634 4500	Smb - ok
09:51:15.0666 4500	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:51:15.0666 4500	spldr - ok
09:51:15.0712 4500	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:51:15.0728 4500	srv - ok
09:51:15.0744 4500	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:51:15.0759 4500	srv2 - ok
09:51:15.0775 4500	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:51:15.0775 4500	srvnet - ok
09:51:15.0806 4500	sscebus         (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
09:51:15.0822 4500	sscebus - ok
09:51:15.0868 4500	sscemdfl        (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
09:51:15.0868 4500	sscemdfl - ok
09:51:15.0884 4500	sscemdm         (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
09:51:15.0884 4500	sscemdm - ok
09:51:15.0900 4500	ssceserd        (db504ef6d73f6b8ab5cf8a18560c4e2a) C:\Windows\system32\DRIVERS\ssceserd.sys
09:51:15.0915 4500	ssceserd - ok
09:51:15.0946 4500	ss_bbus         (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
09:51:15.0962 4500	ss_bbus - ok
09:51:15.0993 4500	ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
09:51:15.0993 4500	ss_bmdfl - ok
09:51:16.0009 4500	ss_bmdm         (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
09:51:16.0009 4500	ss_bmdm - ok
09:51:16.0024 4500	ss_bserd        (677cdc98f8363accaae783fde1599c2a) C:\Windows\system32\DRIVERS\ss_bserd.sys
09:51:16.0024 4500	ss_bserd - ok
09:51:16.0056 4500	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:51:16.0056 4500	stexstor - ok
09:51:16.0102 4500	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:51:16.0102 4500	StillCam - ok
09:51:16.0149 4500	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:51:16.0149 4500	swenum - ok
09:51:16.0243 4500	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:51:16.0274 4500	Tcpip - ok
09:51:16.0305 4500	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:51:16.0321 4500	TCPIP6 - ok
09:51:16.0352 4500	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:51:16.0352 4500	tcpipreg - ok
09:51:16.0383 4500	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:51:16.0383 4500	TDPIPE - ok
09:51:16.0399 4500	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:51:16.0399 4500	TDTCP - ok
09:51:16.0446 4500	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:51:16.0446 4500	tdx - ok
09:51:16.0477 4500	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:51:16.0477 4500	TermDD - ok
09:51:16.0524 4500	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:51:16.0524 4500	tssecsrv - ok
09:51:16.0602 4500	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:51:16.0602 4500	TsUsbFlt - ok
09:51:16.0648 4500	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:51:16.0648 4500	tunnel - ok
09:51:16.0680 4500	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:51:16.0680 4500	uagp35 - ok
09:51:16.0726 4500	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:51:16.0742 4500	udfs - ok
09:51:16.0789 4500	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:51:16.0789 4500	uliagpkx - ok
09:51:16.0804 4500	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:51:16.0820 4500	umbus - ok
09:51:16.0836 4500	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:51:16.0836 4500	UmPass - ok
09:51:16.0882 4500	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:51:16.0882 4500	usbccgp - ok
09:51:16.0914 4500	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:51:16.0914 4500	usbcir - ok
09:51:16.0929 4500	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:51:16.0945 4500	usbehci - ok
09:51:16.0960 4500	usbfilter       (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
09:51:16.0960 4500	usbfilter - ok
09:51:16.0976 4500	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:51:16.0992 4500	usbhub - ok
09:51:17.0007 4500	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:51:17.0007 4500	usbohci - ok
09:51:17.0023 4500	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:51:17.0023 4500	usbprint - ok
09:51:17.0070 4500	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:51:17.0070 4500	usbscan - ok
09:51:17.0101 4500	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:51:17.0101 4500	USBSTOR - ok
09:51:17.0132 4500	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:51:17.0132 4500	usbuhci - ok
09:51:17.0163 4500	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:51:17.0163 4500	vdrvroot - ok
09:51:17.0179 4500	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:51:17.0179 4500	vga - ok
09:51:17.0194 4500	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:51:17.0194 4500	VgaSave - ok
09:51:17.0226 4500	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:51:17.0226 4500	vhdmp - ok
09:51:17.0272 4500	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:51:17.0272 4500	viaide - ok
09:51:17.0288 4500	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:51:17.0288 4500	volmgr - ok
09:51:17.0335 4500	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:51:17.0350 4500	volmgrx - ok
09:51:17.0366 4500	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:51:17.0382 4500	volsnap - ok
09:51:17.0397 4500	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:51:17.0413 4500	vsmraid - ok
09:51:17.0444 4500	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:51:17.0444 4500	vwifibus - ok
09:51:17.0475 4500	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:51:17.0475 4500	vwififlt - ok
09:51:17.0506 4500	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:51:17.0506 4500	vwifimp - ok
09:51:17.0538 4500	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:51:17.0538 4500	WacomPen - ok
09:51:17.0569 4500	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:51:17.0569 4500	WANARP - ok
09:51:17.0569 4500	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:51:17.0569 4500	Wanarpv6 - ok
09:51:17.0600 4500	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:51:17.0600 4500	Wd - ok
09:51:17.0616 4500	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:51:17.0631 4500	Wdf01000 - ok
09:51:17.0678 4500	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:51:17.0678 4500	WfpLwf - ok
09:51:17.0694 4500	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:51:17.0694 4500	WIMMount - ok
09:51:17.0756 4500	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:51:17.0756 4500	WinUsb - ok
09:51:17.0818 4500	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:51:17.0818 4500	WmiAcpi - ok
09:51:17.0865 4500	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:51:17.0865 4500	ws2ifsl - ok
09:51:17.0896 4500	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:51:17.0896 4500	WSDPrintDevice - ok
09:51:17.0943 4500	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:51:17.0943 4500	WudfPf - ok
09:51:17.0974 4500	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:51:17.0974 4500	WUDFRd - ok
09:51:18.0021 4500	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
09:51:18.0037 4500	xusb21 - ok
09:51:18.0084 4500	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:51:18.0130 4500	\Device\Harddisk0\DR0 - ok
09:51:18.0130 4500	Boot (0x1200)   (11965ca34b912550c4758c39e92d6752) \Device\Harddisk0\DR0\Partition0
09:51:18.0130 4500	\Device\Harddisk0\DR0\Partition0 - ok
09:51:18.0146 4500	Boot (0x1200)   (88bf45dc91eeb7cc1d8580a737f7fca7) \Device\Harddisk0\DR0\Partition1
09:51:18.0146 4500	\Device\Harddisk0\DR0\Partition1 - ok
09:51:18.0177 4500	Boot (0x1200)   (794f4511f0b1dd54e2326d0d7f5ba244) \Device\Harddisk0\DR0\Partition2
09:51:18.0177 4500	\Device\Harddisk0\DR0\Partition2 - ok
09:51:18.0177 4500	============================================================
09:51:18.0177 4500	Scan finished
09:51:18.0177 4500	============================================================
09:51:18.0193 1436	Detected object count: 0
09:51:18.0193 1436	Actual detected object count: 0
         
At least it didn't find anything.

The last item follows. ...it only took a measly 2 hours.


Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/29/2011 at 11:45 AM

Application Version : 5.0.1142

Core Rules Database Version : 8089
Trace Rules Database Version: 5901

Scan type       : Complete Scan
Total Scan Time : 01:45:52

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 598
Memory threats detected   : 0
Registry items scanned    : 71568
Registry threats detected : 0
File items scanned        : 240599
File threats detected     : 17

Adware.Tracking Cookie
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\PY0B03YG.txt [ /adform.net ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\1FU88O4L.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\N5GHHQWE.txt [ /track.adform.net ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\VR8X7AE9.txt [ /doubleclick.net ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\FSRXRTWN.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\RMULBB68.txt [ /ad.yieldmanager.com ]
	C:\Users\Bianco\AppData\Roaming\Microsoft\Windows\Cookies\GHW0ZUFW.txt [ /adfarm1.adition.com ]
	C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\7R4J6YVT.txt [ Cookie:bianco@google.com/accounts/ ]
	C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\8V716J61.txt [ Cookie:bianco@google.com/accounts/ ]
	C:\USERS\BIANCO\AppData\Roaming\Microsoft\Windows\Cookies\Low\OVH30P1Z.txt [ Cookie:bianco@www.google.com/accounts ]
	C:\USERS\BIANCO\Cookies\7R4J6YVT.txt [ Cookie:bianco@google.com/accounts/ ]
	C:\USERS\BIANCO\Cookies\PY0B03YG.txt [ Cookie:bianco@adform.net/ ]
	C:\USERS\BIANCO\Cookies\N5GHHQWE.txt [ Cookie:bianco@track.adform.net/ ]
	C:\USERS\BIANCO\Cookies\VR8X7AE9.txt [ Cookie:bianco@doubleclick.net/ ]
	C:\USERS\BIANCO\Cookies\RMULBB68.txt [ Cookie:bianco@ad.yieldmanager.com/ ]
	C:\USERS\BIANCO\Cookies\GHW0ZUFW.txt [ Cookie:bianco@adfarm1.adition.com/ ]

Heuristic.Agent/Gen-Dropper
	C:\PROGRAM FILES (X86)\NEED FOR SPEED - MOST WANTED\CRACK\SD4HIDE\SD4HIDE.EXE
         
I know cracked software is not allowed. But NfS is the only thing a buddy put on there years ago.
I wasn't aware that I still had it. I also don't think it is the origin of all these sources, because it has been there for almost 6 years. And besides, as far as I know I haven't run it in 1-2 years.
(Since I don't use it anyway and it is illegal anyway, I would delete it. Is that safe to do? I assume so?)

Many thanks already, and again, for the help,

kind regards


//Edit#1: Can I leave SUPERAntiSpyware open and simply have it remove the threats later, once the "go-ahead" comes?
//Edit#2: By the way, I moved OTL to the desktop; I had forgotten to do that for the first scan. I don't know how relevant that is for any further fixes.
__________________

Last edited by Bexod (29.12.2011 at 11:06) Reason: Addendum

Alt 29.12.2011, 12:18   #4
Chris4You

Hi,

Have SASW delete everything, update MBAM and run another full scan...

Because of the crack, this is my last posting...

chris&out
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Alt 29.12.2011, 18:56   #5
Bexod

Good evening,

unfortunately I fear that Chris will no longer read this. Nevertheless, I want to thank you for the (apparently) successful help. And I apologise if you are now annoyed at having helped me.
It may no longer matter, and you may believe me or not, but the item above was the only illegal piece of software that, to my knowledge, ever ended up on one of my systems. And I would certainly have deleted it if I had known it was still there.
After discovering it during the scan, I considered editing the log accordingly, but true to the motto "honesty is the best policy" I wanted to admit this mistake and had hoped that obvious remorse and an attempt at correction would put you in a lenient mood. I can understand that this is not the case, though, and I am sorry if it caused more than inconvenience.


Since I was very satisfied with the competent help and had hoped for the Trojaner-Board's support in the future as well, I would still like to know whether I have irrevocably forfeited my privilege to receive help, even if I keep the system legal in the future?

To bring the matter to its forced conclusion:
SASW found a few more tracking cookies, but nothing more serious (so it seems). MBAM, as already this morning, no longer flagged anything at all. Only the ESET Online Scanner found the pests fixed by OTL in the _OTL folder. If anyone is still willing, my question would be whether I can now safely delete that folder or whether they just stay in there.

Otherwise, many thanks again, and sorry.
Have a pleasant evening & a happy new year,

kind regards
Bexod

