
Log Analysis and Evaluation: Avira first warns of HTML/Infected.WebPage.Gen2, then the scan finds several hidden objects


17.01.2012, 20:36   #1
SokraX
 



Hello,

Yesterday evening Avira gave me the message that it had found HTML/Infected.WebPage.Gen2; during the subsequent scan it then found several hidden files and issued the following message:

One or more hidden objects were found that indicate a hidden virus or unwanted program.

For precise identification and repair, a check of your computer with the Avira Rescue CD is required.

Do you want to cancel the scan for this?

After that I booted with the Avira Rescue Disk and ran a scan; however, it found nothing except 2 images from the Ultimate BootCD and a program that has been lying unused on the disk for several years.

After rebooting and scanning again with Avira under Windows, the warning about the hidden objects still appears.

So I am really hoping for help, since I can't make sense of it; the log files are attached.

My system is a Windows 7 64-bit system with Avira AntiVir Free.

Thanks in advance.

18.01.2012, 20:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

19.01.2012, 09:10   #3
SokraX
 



Hi, in the meantime I haven't been idle either. I checked again with the Kaspersky rescue CD; it also found nothing. Furthermore I checked the MBR with MBRCheck; everything is fine there as well.

So here are the logs:

MalwareBytes:
Code:
 Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Windows User :: WINDOWSUSER-PC [Administrator]

19.01.2012 02:54:06
mbam-log-2012-01-19 (02-54-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 518543
Laufzeit: 1 Stunde(n), 27 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\My Documents\Downloads\Auto_Xbins_2008_by_Ground_Zero\Auto Xbins 2008 by Ground Zero.exe (HackTool.IRCBrute) -> Keine Aktion durchgeführt.
D:\My Documents\Downloads\bw4setup.exe (PUP.SpyBoss) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Eset Log:

Code:
 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3f5adaf6adb975458371f82b7fc68d71
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 07:55:53
# local_time=2012-01-19 08:55:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 8210429 8210429 0 0
# compatibility_mode=5893 16776574 100 94 20692092 78576996 0 0
# compatibility_mode=8192 67108863 100 0 3927 3927 0 0
# scanned=337803
# found=2
# cleaned=0
# scan_time=12649
D:\My Documents\Downloads\SoftonicDownloader60361.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
D:\My Documents\Downloads\Diverses\-== SORT ==-\Performance\Tweak-XP.Pro.v4.0.6.rar	multiple threats (unable to clean)	00000000000000000000000000000000	I

Hope this helps

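As an added example (not part of the thread, and not ESET's or Trojaner-Board's code), a small Python parser for the ESET Online Scanner log format shown above: it reads the `# key=value` header and the tab-separated detection lines and cross-checks them the way a helper does when reading such a log (did the scan finish, does `found` match the listed lines, was removal enabled). The sample input is abridged from the log posted above.

```python
"""Parser for the ESET Online Scanner log format posted in this thread.

Added example, not part of the original thread or of ESET's tooling.
"""
from dataclasses import dataclass, field

# Sample input: abridged from the ESET log posted above, with the same header
# keys and the same two detection lines (path, description, hash, flag,
# separated by tabs).
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# unwanted_checked=true\n"
    "# compatibility_mode=1792 16777215 100 0 8210429 8210429 0 0\n"
    "# compatibility_mode=8192 67108863 100 0 3927 3927 0 0\n"
    "# scanned=337803\n"
    "# found=2\n"
    "# cleaned=0\n"
    "D:\\My Documents\\Downloads\\SoftonicDownloader60361.exe\t"
    "a variant of Win32/SoftonicDownloader.A application (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "D:\\My Documents\\Downloads\\Diverses\\-== SORT ==-\\Performance\\Tweak-XP.Pro.v4.0.6.rar\t"
    "multiple threats (unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
)


@dataclass
class Detection:
    path: str
    description: str
    file_hash: str
    flag: str


@dataclass
class EsetReport:
    # Header keys may repeat (compatibility_mode does), so each key maps to a list.
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def get(self, key, default=None):
        """Return the last value recorded for a header key."""
        values = self.header.get(key)
        return values[-1] if values else default


def parse_eset_log(text):
    """Split the log into header settings and detection records."""
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                report.header.setdefault(key.strip(), []).append(value.strip())
            continue
        parts = line.split("\t")
        if len(parts) == 4:
            report.detections.append(Detection(*parts))
        # Installer chatter ("all ok" and the like) is ignored.
    return report


def consistency_issues(report):
    """Cross-check the header against the detection lines; returns readable notes."""
    issues = []
    if report.get("end") != "finished":
        issues.append("scan did not finish (end=%s)" % report.get("end"))
    found = int(report.get("found", "0"))
    if found != len(report.detections):
        issues.append("header says found=%d but %d detection lines were parsed"
                      % (found, len(report.detections)))
    if report.detections and report.get("remove_checked") == "false":
        issues.append("remove_checked=false: detections were only reported, not removed"
                      " (cleaned=%s)" % report.get("cleaned"))
    for d in report.detections:
        # The posted log carries an all-zero hash column, so there is nothing
        # to look up by hash for these files.
        if set(d.file_hash) == {"0"}:
            issues.append("hash column is all zeros for %s; nothing to look up by hash" % d.path)
    return issues


REPORT = parse_eset_log(SAMPLE_LOG)

if __name__ == "__main__":
    print("scanned=%s found=%s cleaned=%s"
          % (REPORT.get("scanned"), REPORT.get("found"), REPORT.get("cleaned")))
    for d in REPORT.detections:
        print("  %s -> %s [%s]" % (d.path, d.description, d.flag))
    for issue in consistency_issues(REPORT):
        print("note:", issue)
```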
19.01.2012, 10:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Auto_Xbins_2008_by_Ground_Zero\Auto Xbins 2008 by Ground Zero.exe
What do you do with that?

Quote:
Downloads\Diverses\-== SORT ==-\Performance\Tweak-XP.Pro.v4.0.6.rar
Hm, and what is that and from what source?
__________________
Please always post log files in CODE tags

19.01.2012, 11:51   #5
SokraX
 



Those are both files that have been lying unused on the machine since Windows XP. I have simply always copied my documents from one system to the next, or cloned the corresponding data partition. Neither file has been opened or executed for years, so even if something were in there it most likely has nothing to do with my current problem. But to come back to your question: I used Autoxbins to always download the latest XBMC (Xbox Media Center); that was in the days of the XBOX (1). Where Tweak XP Pro comes from I unfortunately no longer remember; it was probably just installed for testing years ago and then I forgot to delete it (like many other things). And I don't really want to run it now to check, in case there really is something in it; it has presumably been on the disk since 2005, when the program came out. Should I just delete it?

Regards
SokraX


19.01.2012, 12:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If not already present, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, the box is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

19.01.2012, 12:34   #7
SokraX
 



Hi,

Out of curiosity I ran Avira just now; it seems that since Defogger deactivated the virtual drives, AntiVir runs through normally. Could this warning have been caused by Daemon Tools? I vaguely remember having read something in this connection before. Right, I have to go to work now and will be away for a few hours, so don't be surprised if I don't reply straight away.

So here is the OTL log:

OTL Logfile:
Code:
OTL logfile created on: 19.01.2012 12:11:32 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Windows User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,53% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 82,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 102,61 Gb Total Space | 29,00 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 21,75 Gb Free Space | 21,75% Space Free | Partition Type: NTFS
Drive E: | 263,05 Gb Total Space | 29,28 Gb Free Space | 11,13% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWSUSER-PC | User Name: Windows User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.17 19:44:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Windows User\Desktop\OTL.exe
PRC - [2011.12.12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Windows User\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.08 05:37:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.06.25 11:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.02.08 15:04:00 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.24 12:24:58 | 000,095,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.06 10:29:42 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.14 22:22:01 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.08 05:37:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.24 21:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.08 17:03:58 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.11.04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.16 21:35:22 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.04.24 23:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.13 01:15:52 | 000,061,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.12.12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.03.24 12:24:54 | 000,148,072 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.01 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 45 7A 45 84 12 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: counterpixel@jabubo.de:1.15
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7rc1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.66
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.2.0
FF - prefs.js..extensions.enabledItems: vtzilla@virustotal.com:1.1
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.8.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.08 13:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.18 04:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 15:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.09.05 22:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows User\AppData\Roaming\mozilla\Extensions
[2011.05.18 08:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.05 22:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows User\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.05.18 07:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows User\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2011.05.18 08:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows User\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.01.15 15:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions
[2011.11.18 16:21:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.20 02:42:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.24 14:39:49 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2011.05.18 07:57:20 | 000,000,000 | ---D | M] ("Counterpixel") -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions\counterpixel@jabubo.de
[2011.05.18 07:57:20 | 000,000,000 | ---D | M] (external IP) -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions\externalip@erik.morlin
[2011.07.13 06:35:20 | 000,000,000 | ---D | M] (VTzilla) -- C:\Users\Windows User\AppData\Roaming\mozilla\Firefox\Profiles\f0j4dsun.default\extensions\vtzilla@virustotal.com
[2012.01.08 13:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\WINDOWS USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0J4DSUN.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\WINDOWS USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0J4DSUN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\WINDOWS USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0J4DSUN.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\WINDOWS USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0J4DSUN.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\WINDOWS USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F0J4DSUN.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012.01.08 13:14:05 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.12 08:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.10.01 20:43:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 20:43:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 20:43:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 20:43:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 20:43:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 20:43:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.19 20:14:05 | 000,438,080 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15065 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Windows User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Windows User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Windows User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E06576D6-A338-4B4A-A0A8-913DA3394EB8}: NameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Biet-O-Matic.lnk - C:\PROGRA~2\BIET-O~1\BIET-O~1.EXE - (www.bid-o-matic.org)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.19 05:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.18 22:20:42 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.01.18 20:35:17 | 000,000,000 | ---D | C] -- C:\Users\Windows User\AppData\Roaming\Malwarebytes
[2012.01.18 20:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.18 20:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.18 20:35:09 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.18 20:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.17 19:44:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Windows User\Desktop\OTL.exe
[2012.01.14 12:44:43 | 000,000,000 | R--D | C] -- C:\Users\Windows User\AppData\Roaming\Brother
[2012.01.14 00:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.01.14 00:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.01.14 00:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.01.14 00:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.01.13 23:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.01.13 23:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2012.01.13 23:40:16 | 000,000,000 | ---D | C] -- C:\Users\Windows User\Documents\gegl-0.0
[2012.01.13 23:40:16 | 000,000,000 | ---D | C] -- C:\Users\Windows User\.gimp-2.6
[2012.01.13 23:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.01.13 23:07:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012.01.13 23:06:53 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll
[2012.01.13 23:06:42 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2012.01.13 23:06:42 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll
[2012.01.13 23:06:41 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012.01.13 23:06:41 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012.01.13 23:06:41 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012.01.13 23:06:41 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012.01.13 23:06:40 | 001,560,064 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2012.01.13 23:06:40 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll
[2012.01.13 23:06:38 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012.01.13 23:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012.01.13 23:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.01.13 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\Windows User\AppData\Roaming\InstallShield
[2012.01.09 17:45:19 | 000,000,000 | ---D | C] -- C:\Users\Windows User\Documents\Vuze Downloads
[2012.01.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Users\Windows User\.swt
[2012.01.09 17:41:17 | 000,000,000 | ---D | C] -- C:\Users\Windows User\AppData\Roaming\Azureus
[2012.01.09 17:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2011.12.31 11:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2011.12.31 08:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.31 08:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.30 07:14:25 | 000,000,000 | ---D | C] -- C:\Users\Windows User\AppData\Roaming\Auslogics
[2011.12.30 07:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011.12.30 07:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011.12.25 22:32:59 | 000,000,000 | ---D | C] -- C:\Users\Windows User\Documents\Hard Reset
[2011.12.24 07:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.12.24 07:43:20 | 000,530,488 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011.12.24 07:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.12.21 05:06:18 | 000,000,000 | ---D | C] -- C:\Users\Windows User\AppData\Roaming\dvdcss
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.19 05:20:11 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 05:20:11 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 05:17:17 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.19 05:17:17 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.19 05:17:17 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.19 05:17:17 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.19 05:17:17 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.19 05:12:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 05:12:43 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.18 20:54:50 | 000,000,188 | ---- | M] () -- C:\Users\Windows User\defogger_reenable
[2012.01.18 20:35:10 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.17 20:33:32 | 000,031,389 | ---- | M] () -- C:\Users\Windows User\Desktop\Logfiles.zip
[2012.01.17 19:44:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Windows User\Desktop\OTL.exe
[2012.01.17 19:38:39 | 000,050,477 | ---- | M] () -- C:\Users\Windows User\Desktop\Defogger.exe
[2012.01.14 13:19:43 | 004,857,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.13 23:48:00 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.01.13 23:08:58 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.01.13 23:08:38 | 000,000,256 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012.01.13 23:08:38 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012.01.13 23:08:05 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.01.13 23:08:05 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.01.13 23:07:01 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012.01.13 23:07:01 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08a.dat
[2012.01.09 17:40:40 | 000,259,652 | ---- | M] () -- C:\Users\Windows User\Desktop\How to Crack a Wi-Fi Network's WPA Password with Reaver.pdf
[2012.01.09 17:40:09 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.12.31 11:01:39 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.12.31 08:41:27 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.30 07:14:23 | 000,001,263 | ---- | M] () -- C:\Users\Windows User\Desktop\Auslogics Disk Defrag.lnk
[2011.12.30 06:37:59 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.24 07:43:43 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.12.24 07:43:20 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2011.12.23 03:36:54 | 001,214,812 | ---- | M] () -- C:\Users\Windows User\Desktop\Arcaze - The Arcade Retro Game Station - Komplettsystem _ eBay1.pdf
[2011.12.23 03:36:01 | 000,567,898 | ---- | M] () -- C:\Users\Windows User\Desktop\Arcaze - The Arcade Retro Game Station - Komplettsystem _ eBay.pdf
[2011.12.21 23:55:04 | 001,709,550 | ---- | M] () -- C:\Users\Windows User\Desktop\Neoxity_ Tips and tricks on repairing LCD monitors.pdf
[2011.12.21 09:50:18 | 000,046,472 | ---- | M] () -- C:\Users\Windows User\Desktop\Plakat-Infoveranstaltung-2012-01-10.pdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.18 20:54:49 | 000,000,188 | ---- | C] () -- C:\Users\Windows User\defogger_reenable
[2012.01.18 20:35:10 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.17 20:33:32 | 000,031,389 | ---- | C] () -- C:\Users\Windows User\Desktop\Logfiles.zip
[2012.01.17 19:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Windows User\Desktop\Defogger.exe
[2012.01.14 00:28:27 | 000,001,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.01.13 23:48:00 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.01.13 23:08:58 | 000,002,157 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012.01.13 23:08:38 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.01.13 23:08:38 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.01.13 23:08:05 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.13 23:08:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.01.13 23:07:01 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf08a.dat
[2012.01.13 23:06:42 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.01.13 23:06:42 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.01.13 23:06:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.01.09 17:40:40 | 000,259,652 | ---- | C] () -- C:\Users\Windows User\Desktop\How to Crack a Wi-Fi Network's WPA Password with Reaver.pdf
[2012.01.09 17:40:09 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012.01.09 17:40:09 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011.12.31 11:01:39 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.12.31 11:01:39 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.12.31 08:41:27 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.30 07:14:23 | 000,001,263 | ---- | C] () -- C:\Users\Windows User\Desktop\Auslogics Disk Defrag.lnk
[2011.12.24 07:43:43 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.12.23 03:36:55 | 001,214,812 | ---- | C] () -- C:\Users\Windows User\Desktop\Arcaze - The Arcade Retro Game Station - Komplettsystem _ eBay1.pdf
[2011.12.23 03:36:01 | 000,567,898 | ---- | C] () -- C:\Users\Windows User\Desktop\Arcaze - The Arcade Retro Game Station - Komplettsystem _ eBay.pdf
[2011.12.21 23:55:04 | 001,709,550 | ---- | C] () -- C:\Users\Windows User\Desktop\Neoxity_ Tips and tricks on repairing LCD monitors.pdf
[2011.11.14 04:52:45 | 000,000,600 | ---- | C] () -- C:\Users\Windows User\AppData\Local\PUTTY.RND
[2011.09.16 11:51:43 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.18 14:56:00 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.08.08 05:37:18 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.08 05:37:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.06.27 21:36:43 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.23 00:07:31 | 000,001,716 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.05.15 23:14:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.05.15 23:14:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.05.15 23:13:58 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.15 23:13:58 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.15 23:13:58 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.12.30 07:14:25 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Auslogics
[2012.01.09 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Azureus
[2012.01.16 11:49:49 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\BOM
[2011.12.18 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\calibre
[2011.05.17 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Canneverbe Limited
[2011.07.19 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\CDisplayEx
[2011.11.14 04:52:39 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Cyberduck
[2011.12.31 08:43:08 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\DAEMON Tools Lite
[2011.11.20 02:43:11 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\DVDVideoSoft
[2011.07.16 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.23 01:07:28 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\EAC
[2011.11.15 01:03:59 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\FileZilla
[2012.01.16 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\foobar2000
[2011.11.03 00:50:15 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Fujitsu
[2011.09.16 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Kalypso Media
[2011.05.18 18:17:10 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\LibreOffice
[2011.06.19 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\mkvtoolnix
[2011.12.28 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Mp3tag
[2011.06.23 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Notepad++
[2011.08.17 08:25:22 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\PDF Writer
[2011.05.18 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\QFX Software
[2011.06.23 13:28:03 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\SupRip
[2011.05.30 03:19:55 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\The Creative Assembly
[2011.10.25 01:56:01 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Thinstall
[2011.05.18 08:07:43 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Thunderbird
[2011.09.05 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\TomTom
[2011.06.20 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Tropico 3
[2011.09.16 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\TrueCrypt
[2011.11.14 03:58:06 | 000,000,000 | -HSD | M] -- C:\Users\Windows User\AppData\Roaming\wyUpdate AU
[2011.12.15 01:03:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.22 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\AccurateRip
[2012.01.14 00:40:59 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Adobe
[2011.12.30 07:14:25 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Auslogics
[2011.10.16 04:51:30 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Avira
[2012.01.09 18:36:21 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Azureus
[2012.01.16 11:49:49 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\BOM
[2012.01.14 12:44:43 | 000,000,000 | R--D | M] -- C:\Users\Windows User\AppData\Roaming\Brother
[2011.12.18 21:05:58 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\calibre
[2011.05.17 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Canneverbe Limited
[2011.07.19 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\CDisplayEx
[2011.11.14 04:52:39 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Cyberduck
[2011.12.31 08:43:08 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\DAEMON Tools Lite
[2011.09.16 23:00:09 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Download Manager
[2012.01.09 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\dvdcss
[2011.11.20 02:43:11 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\DVDVideoSoft
[2011.07.16 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.23 01:07:28 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\EAC
[2011.11.15 01:03:59 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\FileZilla
[2012.01.16 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\foobar2000
[2011.11.03 00:50:15 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Fujitsu
[2011.06.23 23:46:27 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\HP
[2011.05.14 23:05:40 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Identities
[2012.01.13 23:05:58 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\InstallShield
[2011.09.16 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Kalypso Media
[2011.05.18 18:17:10 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\LibreOffice
[2011.05.14 23:50:30 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Macromedia
[2012.01.18 20:35:17 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Media Center Programs
[2011.12.31 23:40:15 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Media Player Classic
[2011.12.11 11:19:24 | 000,000,000 | --SD | M] -- C:\Users\Windows User\AppData\Roaming\Microsoft
[2011.06.19 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\mkvtoolnix
[2011.05.18 07:57:24 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Mozilla
[2011.12.28 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Mp3tag
[2011.06.23 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Notepad++
[2011.11.12 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\NVIDIA
[2011.08.17 08:25:22 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\PDF Writer
[2011.05.18 08:03:50 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\QFX Software
[2011.05.29 00:59:59 | 000,000,000 | RH-D | M] -- C:\Users\Windows User\AppData\Roaming\SecuROM
[2011.06.23 13:28:03 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\SupRip
[2011.05.30 03:19:55 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\The Creative Assembly
[2011.10.25 01:56:01 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Thinstall
[2011.05.18 08:07:43 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Thunderbird
[2011.09.05 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\TomTom
[2011.06.20 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\Tropico 3
[2011.09.16 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\TrueCrypt
[2011.08.28 21:01:14 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\vlc
[2011.08.20 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Windows User\AppData\Roaming\WinRAR
[2011.11.14 03:58:06 | 000,000,000 | -HSD | M] -- C:\Users\Windows User\AppData\Roaming\wyUpdate AU
 
< %APPDATA%\*.exe /s >
[2012.01.09 17:41:44 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Windows User\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.05.23 14:46:34 | 000,029,184 | R--- | M] () -- C:\Users\Windows User\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
[2011.11.04 17:24:25 | 000,003,638 | R--- | M] () -- C:\Users\Windows User\AppData\Roaming\Microsoft\Installer\{77D29CEF-5994-4927-9A28-25EF08F23921}\_6FEFF9B68218417F98F549.exe
[2011.11.04 17:24:25 | 000,003,638 | R--- | M] () -- C:\Users\Windows User\AppData\Roaming\Microsoft\Installer\{77D29CEF-5994-4927-9A28-25EF08F23921}\_C9D006B7D6AEAC620DF6CB.exe
[2011.10.25 01:56:23 | 000,075,264 | ---- | M] () -- C:\Users\Windows User\AppData\Roaming\Thinstall\Adobe InDesign CS3\400000b1b00002i\Bridge.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         
--- --- ---
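Editor's added example for reading the "< MD5 for: ... >" custom-scan sections of the Extras log above; this is not code from the thread, from OTL or from OldTimer. It parses each entry and applies three defender-side checks: empty version info, a copy outside the Windows directory, and a live system32 copy whose hash matches none of the WinSxS component-store copies of the same file. The function names and the SAMPLE.DLL section are constructed; the WINLOGON.EXE and USERINIT.EXE lines are copied from the log.

```python
import re
from collections import defaultdict

# Editor's added example (hypothetical function names): parser and heuristic
# checks for the "< MD5 for: X >" sections of an OTL Extras log.

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[A-Z])\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# On 64-bit Windows OTL reports the live 64-bit system32 as SysNative and the
# 32-bit one as SysWOW64; WinSxS is the component store servicing installs from.
LIVE_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\", "c:\\windows\\system32\\")
WINSXS_DIR = "c:\\windows\\winsxs\\"

# USERINIT.EXE and WINLOGON.EXE: lines taken from the log above.
# SAMPLE.DLL: constructed section whose live copy has no WinSxS counterpart
# (placeholder hashes and a placeholder WinSxS component name).
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: SAMPLE.DLL  >
[2012.01.15 03:12:00 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\sample.dll
[2009.07.14 02:40:20 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_sample_placeholder\sample.dll

< End of report >
"""


def parse_md5_sections(log_text):
    """Return {FILENAME: [entry dict, ...]} for every '< MD5 for: X >' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None  # another custom scan (or the end marker) begins
            continue
        e = ENTRY_RE.match(line)
        if e and current:
            d = e.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            d["md5"] = d["md5"].upper()
            sections[current].append(d)
    return dict(sections)


def audit_md5_sections(sections):
    """Heuristic checks per section; returns a list of (filename, path, reason)."""
    findings = []
    for name, entries in sections.items():
        # The WinSxS copies are the reference set: a live copy that matches none of
        # them was not put there by Windows servicing and deserves a closer look.
        winsxs_hashes = {e["md5"] for e in entries if e["path"].lower().startswith(WINSXS_DIR)}
        for e in entries:
            p = e["path"].lower()
            if not e["company"]:
                findings.append((name, e["path"], "no company name in version info"))
            if not p.startswith("c:\\windows\\"):
                findings.append((name, e["path"], "copy outside the Windows directory"))
            if p.startswith(LIVE_DIRS) and winsxs_hashes and e["md5"] not in winsxs_hashes:
                findings.append((name, e["path"], "live copy has no matching WinSxS hash"))
    return findings


if __name__ == "__main__":
    for name, path, reason in audit_md5_sections(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {reason}: {path}")
```

On the real sections the only hits are the two for the Malwarebytes Chameleon copy of winlogon.exe, which is a renamed copy of that vendor's own program rather than a system file; the checks produce items to verify by hand, not verdicts.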

Alt 19.01.2012, 16:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
PRC - [2011.06.25 11:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
:Files
C:\Program Files (x86)\Ask.com
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Alt 19.01.2012, 17:43   #9
SokraX
 
Done. I had to restart twice because after the first time the mouse stopped working. Would it be presumptuous to ask you what just happened there?

Code:
 All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 8118 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Windows User
->Temp folder emptied: 2327171740 bytes
->Temporary Internet Files folder emptied: 2408946 bytes
->Java cache emptied: 1366033 bytes
->FireFox cache emptied: 48616242 bytes
->Flash cache emptied: 470 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 2777088 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.273,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_172950

Files\Folders moved on Reboot...
C:\Users\Windows User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
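Editor's added example, not code from the thread or from OTL, for the two network settings the fix script above touched and the fix log then reports: the Firefox prefs.js proxy keys and the hosts file. The function names are hypothetical; the prefs.js excerpt and hosts file are constructed, the proxy values being the ones from the script.

```python
import re

# Editor's added example (hypothetical function names): audit a Firefox prefs.js
# for proxy settings and a Windows hosts file for entries beyond plain loopback.

USER_PREF_RE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+)\);\s*$')
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed prefs.js excerpt reproducing the two values the fix script removed.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 8118);
"""

# Constructed hosts file: loopback lines plus two added entries (.invalid names,
# documentation IP range); the first blocks a host, the second redirects one.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.invalid
198.51.100.7    www.example-bank.invalid
"""


def parse_prefs(prefs_text):
    """Return {key: value} for every user_pref() line, with strings unquoted."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = USER_PREF_RE.match(line.strip())
        if not m:
            continue
        val = m.group("val").strip()
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        elif val in ("true", "false"):
            val = val == "true"
        elif re.fullmatch(r"-?\d+", val):
            val = int(val)
        prefs[m.group("key")] = val
    return prefs


def audit_firefox_proxy(prefs):
    """Report configured proxy endpoints as (protocol, host, port, note).

    network.proxy.type 1 means a manual proxy. A proxy on localhost is not
    malware by itself (Privoxy listens on 8118 by default, Tor clients on
    9050/9150), but the user should be able to name the program behind the port.
    """
    findings = []
    for proto in ("http", "ssl", "socks", "ftp"):
        host = prefs.get(f"network.proxy.{proto}")
        port = prefs.get(f"network.proxy.{proto}_port")
        if host:
            note = ("local proxy, verify which program listens on the port"
                    if host in LOOPBACK else
                    "remote proxy, all traffic of this protocol goes through it")
            findings.append((proto, host, port, note))
    if findings and prefs.get("network.proxy.type") != 1:
        findings.append(("type", prefs.get("network.proxy.type"), None,
                         "proxy hosts set but manual mode not enabled, settings are dormant"))
    return findings


def audit_hosts(hosts_text):
    """Return (ip, [names]) for hosts entries that are not plain loopback definitions."""
    suspicious = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        if ip in LOOPBACK and all(n in LOOPBACK for n in names):
            continue  # standard "127.0.0.1 localhost" style entry
        # A real hostname pointed at loopback is silently blocked (a classic way
        # to cut off update servers); one pointed at another IP is hijacked.
        suspicious.append((ip, names))
    return suspicious


if __name__ == "__main__":
    print(audit_firefox_proxy(parse_prefs(SAMPLE_PREFS)))
    print(audit_hosts(SAMPLE_HOSTS))
```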
         

Alt 19.01.2012, 21:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
We have fixed entries and deleted some files.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post logfiles in CODE tags

Alt 19.01.2012, 23:12   #11
SokraX
 
Here it is; it found nothing:

Code:
 22:59:11.0743 3780	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
22:59:11.0868 3780	============================================================
22:59:11.0868 3780	Current date / time: 2012/01/19 22:59:11.0868
22:59:11.0868 3780	SystemInfo:
22:59:11.0868 3780	
22:59:11.0868 3780	OS Version: 6.1.7601 ServicePack: 1.0
22:59:11.0868 3780	Product type: Workstation
22:59:11.0868 3780	ComputerName: WINDOWSUSER-PC
22:59:11.0868 3780	UserName: Windows User
22:59:11.0868 3780	Windows directory: C:\Windows
22:59:11.0868 3780	System windows directory: C:\Windows
22:59:11.0868 3780	Running under WOW64
22:59:11.0868 3780	Processor architecture: Intel x64
22:59:11.0868 3780	Number of processors: 2
22:59:11.0868 3780	Page size: 0x1000
22:59:11.0868 3780	Boot type: Normal boot
22:59:11.0868 3780	============================================================
22:59:13.0132 3780	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:13.0257 3780	Initialize success
22:59:37.0936 3580	============================================================
22:59:37.0936 3580	Scan started
22:59:37.0936 3580	Mode: Manual; SigCheck; TDLFS; 
22:59:37.0936 3580	============================================================
22:59:38.0638 3580	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:59:38.0763 3580	1394ohci - ok
22:59:38.0794 3580	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:59:38.0810 3580	ACPI - ok
22:59:38.0841 3580	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:59:38.0919 3580	AcpiPmi - ok
22:59:38.0966 3580	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:59:38.0997 3580	adp94xx - ok
22:59:39.0028 3580	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:59:39.0059 3580	adpahci - ok
22:59:39.0075 3580	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:59:39.0106 3580	adpu320 - ok
22:59:39.0184 3580	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:59:39.0278 3580	AFD - ok
22:59:39.0309 3580	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:59:39.0340 3580	agp440 - ok
22:59:39.0402 3580	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:59:39.0418 3580	aliide - ok
22:59:39.0434 3580	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:59:39.0449 3580	amdide - ok
22:59:39.0496 3580	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:59:39.0574 3580	AmdK8 - ok
22:59:39.0605 3580	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:59:39.0668 3580	AmdPPM - ok
22:59:39.0714 3580	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:59:39.0746 3580	amdsata - ok
22:59:39.0792 3580	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:59:39.0808 3580	amdsbs - ok
22:59:39.0824 3580	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:59:39.0839 3580	amdxata - ok
22:59:40.0026 3580	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:59:40.0229 3580	AppID - ok
22:59:40.0338 3580	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:59:40.0370 3580	arc - ok
22:59:40.0385 3580	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:59:40.0401 3580	arcsas - ok
22:59:40.0448 3580	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:59:40.0588 3580	AsyncMac - ok
22:59:40.0619 3580	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:59:40.0619 3580	atapi - ok
22:59:40.0666 3580	AtcL001         (940e5b876251e04fffe058ad71fe0f1c) C:\Windows\system32\DRIVERS\l160x64.sys
22:59:40.0697 3580	AtcL001 - ok
22:59:40.0822 3580	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:59:40.0947 3580	avgntflt - ok
22:59:41.0056 3580	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
22:59:41.0072 3580	avipbb - ok
22:59:41.0103 3580	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:59:41.0118 3580	avkmgr - ok
22:59:41.0181 3580	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:59:41.0228 3580	b06bdrv - ok
22:59:41.0274 3580	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:59:41.0321 3580	b57nd60a - ok
22:59:41.0368 3580	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:59:41.0415 3580	Beep - ok
22:59:41.0477 3580	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:59:41.0508 3580	blbdrive - ok
22:59:41.0540 3580	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:59:41.0649 3580	bowser - ok
22:59:41.0680 3580	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:59:41.0758 3580	BrFiltLo - ok
22:59:41.0774 3580	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:59:41.0805 3580	BrFiltUp - ok
22:59:41.0836 3580	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:59:41.0883 3580	Brserid - ok
22:59:41.0930 3580	BrSerIf         (34f6c504b150f99dae69d7073d2a4df4) C:\Windows\system32\DRIVERS\BrSerIf.sys
22:59:41.0976 3580	BrSerIf - ok
22:59:42.0008 3580	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:59:42.0039 3580	BrSerWdm - ok
22:59:42.0039 3580	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:59:42.0070 3580	BrUsbMdm - ok
22:59:42.0086 3580	BrUsbSer        (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys
22:59:42.0117 3580	BrUsbSer - ok
22:59:42.0117 3580	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:59:42.0148 3580	BTHMODEM - ok
22:59:42.0210 3580	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:59:42.0257 3580	cdfs - ok
22:59:42.0304 3580	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:59:42.0366 3580	cdrom - ok
22:59:42.0413 3580	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:59:42.0476 3580	circlass - ok
22:59:42.0522 3580	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:59:42.0538 3580	CLFS - ok
22:59:42.0585 3580	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:59:42.0600 3580	CmBatt - ok
22:59:42.0632 3580	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:59:42.0647 3580	cmdide - ok
22:59:42.0678 3580	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:59:42.0725 3580	CNG - ok
22:59:42.0741 3580	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:59:42.0756 3580	Compbatt - ok
22:59:42.0803 3580	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:59:42.0819 3580	CompositeBus - ok
22:59:42.0850 3580	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:59:42.0850 3580	crcdisk - ok
22:59:42.0897 3580	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:59:42.0975 3580	CSC - ok
22:59:43.0053 3580	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:59:43.0146 3580	DfsC - ok
22:59:43.0193 3580	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:59:43.0256 3580	discache - ok
22:59:43.0287 3580	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:59:43.0287 3580	Disk - ok
22:59:43.0334 3580	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:59:43.0349 3580	drmkaud - ok
22:59:43.0505 3580	dump_wmimmc - ok
22:59:43.0661 3580	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:59:43.0724 3580	DXGKrnl - ok
22:59:43.0817 3580	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:59:43.0973 3580	ebdrv - ok
22:59:44.0004 3580	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:59:44.0036 3580	elxstor - ok
22:59:44.0067 3580	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:59:44.0098 3580	ErrDev - ok
22:59:44.0129 3580	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:59:44.0176 3580	exfat - ok
22:59:44.0207 3580	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:59:44.0254 3580	fastfat - ok
22:59:44.0285 3580	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:59:44.0301 3580	fdc - ok
22:59:44.0332 3580	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:59:44.0348 3580	FileInfo - ok
22:59:44.0363 3580	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:59:44.0410 3580	Filetrace - ok
22:59:44.0426 3580	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:59:44.0441 3580	flpydisk - ok
22:59:44.0488 3580	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:59:44.0519 3580	FltMgr - ok
22:59:44.0582 3580	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:59:44.0613 3580	FsDepends - ok
22:59:44.0644 3580	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:59:44.0644 3580	Fs_Rec - ok
22:59:44.0706 3580	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:59:44.0738 3580	fvevol - ok
22:59:44.0769 3580	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:59:44.0784 3580	gagp30kx - ok
22:59:44.0800 3580	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:59:44.0831 3580	hcw85cir - ok
22:59:44.0894 3580	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:59:44.0940 3580	HdAudAddService - ok
22:59:44.0987 3580	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:59:45.0018 3580	HDAudBus - ok
22:59:45.0050 3580	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:59:45.0065 3580	HidBatt - ok
22:59:45.0096 3580	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:59:45.0128 3580	HidBth - ok
22:59:45.0221 3580	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:59:45.0315 3580	HidIr - ok
22:59:45.0377 3580	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:59:45.0408 3580	HidUsb - ok
22:59:45.0455 3580	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:59:45.0471 3580	HpSAMD - ok
22:59:45.0549 3580	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:59:45.0627 3580	HTTP - ok
22:59:45.0674 3580	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:59:45.0689 3580	hwpolicy - ok
22:59:45.0720 3580	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:59:45.0736 3580	i8042prt - ok
22:59:45.0783 3580	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:59:45.0814 3580	iaStorV - ok
22:59:45.0861 3580	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:59:45.0861 3580	iirsp - ok
22:59:45.0986 3580	IntcAzAudAddService (26407a11d7e222afb7ce32700abbd9d1) C:\Windows\system32\drivers\RTKVHD64.sys
22:59:46.0064 3580	IntcAzAudAddService - ok
22:59:46.0110 3580	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:59:46.0126 3580	intelide - ok
22:59:46.0157 3580	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:59:46.0188 3580	intelppm - ok
22:59:46.0220 3580	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:59:46.0282 3580	IpFilterDriver - ok
22:59:46.0329 3580	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:59:46.0344 3580	IPMIDRV - ok
22:59:46.0360 3580	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:59:46.0407 3580	IPNAT - ok
22:59:46.0438 3580	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:59:46.0516 3580	IRENUM - ok
22:59:46.0547 3580	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:59:46.0563 3580	isapnp - ok
22:59:46.0594 3580	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:59:46.0625 3580	iScsiPrt - ok
22:59:46.0656 3580	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:59:46.0672 3580	kbdclass - ok
22:59:46.0703 3580	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:59:46.0719 3580	kbdhid - ok
22:59:46.0797 3580	KeyScrambler    (af49e415e4743afd1de45edfae1659ef) C:\Windows\system32\drivers\keyscrambler.sys
22:59:46.0844 3580	KeyScrambler - ok
22:59:46.0875 3580	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:59:46.0890 3580	KSecDD - ok
22:59:46.0922 3580	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:59:46.0937 3580	KSecPkg - ok
22:59:46.0968 3580	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:59:47.0031 3580	ksthunk - ok
22:59:47.0078 3580	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:59:47.0109 3580	lltdio - ok
22:59:47.0156 3580	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:59:47.0156 3580	LSI_FC - ok
22:59:47.0171 3580	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:59:47.0187 3580	LSI_SAS - ok
22:59:47.0218 3580	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:59:47.0218 3580	LSI_SAS2 - ok
22:59:47.0249 3580	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:59:47.0249 3580	LSI_SCSI - ok
22:59:47.0280 3580	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:59:47.0327 3580	luafv - ok
22:59:47.0358 3580	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:59:47.0358 3580	megasas - ok
22:59:47.0390 3580	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:59:47.0405 3580	MegaSR - ok
22:59:47.0452 3580	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:59:47.0483 3580	Modem - ok
22:59:47.0514 3580	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:59:47.0546 3580	monitor - ok
22:59:47.0577 3580	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:59:47.0592 3580	mouclass - ok
22:59:47.0639 3580	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:59:47.0655 3580	mouhid - ok
22:59:47.0686 3580	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:59:47.0702 3580	mountmgr - ok
22:59:47.0733 3580	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:59:47.0748 3580	mpio - ok
22:59:47.0780 3580	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:59:47.0811 3580	mpsdrv - ok
22:59:47.0842 3580	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:59:47.0951 3580	MRxDAV - ok
22:59:47.0998 3580	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:59:48.0060 3580	mrxsmb - ok
22:59:48.0092 3580	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:59:48.0154 3580	mrxsmb10 - ok
22:59:48.0185 3580	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:59:48.0201 3580	mrxsmb20 - ok
22:59:48.0248 3580	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:59:48.0263 3580	msahci - ok
22:59:48.0294 3580	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:59:48.0326 3580	msdsm - ok
22:59:48.0372 3580	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:59:48.0404 3580	Msfs - ok
22:59:48.0419 3580	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:59:48.0466 3580	mshidkmdf - ok
22:59:48.0497 3580	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:59:48.0513 3580	msisadrv - ok
22:59:48.0560 3580	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:59:48.0591 3580	MSKSSRV - ok
22:59:48.0606 3580	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:59:48.0638 3580	MSPCLOCK - ok
22:59:48.0653 3580	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:59:48.0700 3580	MSPQM - ok
22:59:48.0747 3580	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:59:48.0778 3580	MsRPC - ok
22:59:48.0794 3580	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:59:48.0809 3580	mssmbios - ok
22:59:48.0856 3580	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:59:48.0934 3580	MSTEE - ok
22:59:48.0950 3580	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:59:48.0965 3580	MTConfig - ok
22:59:49.0012 3580	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
22:59:49.0043 3580	MTsensor - ok
22:59:49.0090 3580	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:59:49.0106 3580	Mup - ok
22:59:49.0137 3580	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:59:49.0199 3580	NativeWifiP - ok
22:59:49.0262 3580	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:59:49.0324 3580	NDIS - ok
22:59:49.0355 3580	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:59:49.0402 3580	NdisCap - ok
22:59:49.0449 3580	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:59:49.0480 3580	NdisTapi - ok
22:59:49.0511 3580	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:59:49.0558 3580	Ndisuio - ok
22:59:49.0589 3580	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:59:49.0636 3580	NdisWan - ok
22:59:49.0667 3580	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:59:49.0714 3580	NDProxy - ok
22:59:49.0745 3580	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:59:49.0776 3580	NetBIOS - ok
22:59:49.0808 3580	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:59:49.0932 3580	NetBT - ok
22:59:50.0026 3580	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:59:50.0042 3580	nfrd960 - ok
22:59:50.0088 3580	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:59:50.0135 3580	Npfs - ok
22:59:50.0151 3580	NPPTNT2 - ok
22:59:50.0182 3580	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:59:50.0229 3580	nsiproxy - ok
22:59:50.0291 3580	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:59:50.0400 3580	Ntfs - ok
22:59:50.0432 3580	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:59:50.0478 3580	Null - ok
22:59:50.0790 3580	nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:59:50.0962 3580	nvlddmkm - ok
22:59:51.0009 3580	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:59:51.0009 3580	nvraid - ok
22:59:51.0040 3580	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:59:51.0056 3580	nvstor - ok
22:59:51.0149 3580	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:59:51.0180 3580	nv_agp - ok
22:59:51.0212 3580	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:59:51.0243 3580	ohci1394 - ok
22:59:51.0290 3580	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:59:51.0305 3580	Parport - ok
22:59:51.0352 3580	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:59:51.0368 3580	partmgr - ok
22:59:51.0399 3580	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:59:51.0430 3580	pci - ok
22:59:51.0461 3580	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:59:51.0461 3580	pciide - ok
22:59:51.0508 3580	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:59:51.0524 3580	pcmcia - ok
22:59:51.0555 3580	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:59:51.0570 3580	pcw - ok
22:59:51.0602 3580	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:59:51.0680 3580	PEAUTH - ok
22:59:51.0789 3580	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:59:51.0820 3580	PptpMiniport - ok
22:59:51.0867 3580	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:59:51.0898 3580	Processor - ok
22:59:51.0929 3580	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:59:51.0976 3580	Psched - ok
22:59:52.0038 3580	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:59:52.0179 3580	ql2300 - ok
22:59:52.0194 3580	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:59:52.0210 3580	ql40xx - ok
22:59:52.0226 3580	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:59:52.0272 3580	QWAVEdrv - ok
22:59:52.0288 3580	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:59:52.0335 3580	RasAcd - ok
22:59:52.0382 3580	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:59:52.0413 3580	RasAgileVpn - ok
22:59:52.0460 3580	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:59:52.0506 3580	Rasl2tp - ok
22:59:52.0553 3580	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:59:52.0600 3580	RasPppoe - ok
22:59:52.0631 3580	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:59:52.0678 3580	RasSstp - ok
22:59:52.0694 3580	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:59:52.0756 3580	rdbss - ok
22:59:52.0787 3580	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:59:52.0818 3580	rdpbus - ok
22:59:52.0834 3580	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:52.0881 3580	RDPCDD - ok
22:59:52.0912 3580	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:59:52.0974 3580	RDPDR - ok
22:59:53.0006 3580	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:59:53.0068 3580	RDPENCDD - ok
22:59:53.0084 3580	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:59:53.0130 3580	RDPREFMP - ok
22:59:53.0162 3580	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:59:53.0193 3580	RDPWD - ok
22:59:53.0224 3580	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:59:53.0240 3580	rdyboost - ok
22:59:53.0302 3580	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:59:53.0333 3580	rspndr - ok
22:59:53.0411 3580	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:59:53.0442 3580	s3cap - ok
22:59:53.0552 3580	SbieDrv         (152ee68830ffb13f0b1fec6c9b99644f) C:\Program Files\Sandboxie\SbieDrv.sys
22:59:53.0598 3580	SbieDrv - ok
22:59:53.0708 3580	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:59:53.0723 3580	sbp2port - ok
22:59:53.0817 3580	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:59:53.0864 3580	scfilter - ok
22:59:53.0926 3580	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:59:53.0973 3580	secdrv - ok
22:59:53.0988 3580	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:59:54.0004 3580	Serenum - ok
22:59:54.0020 3580	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:59:54.0035 3580	Serial - ok
22:59:54.0066 3580	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:59:54.0082 3580	sermouse - ok
22:59:54.0129 3580	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:59:54.0176 3580	sffdisk - ok
22:59:54.0207 3580	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:59:54.0254 3580	sffp_mmc - ok
22:59:54.0285 3580	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:59:54.0300 3580	sffp_sd - ok
22:59:54.0332 3580	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:59:54.0363 3580	sfloppy - ok
22:59:54.0394 3580	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:59:54.0410 3580	SiSRaid2 - ok
22:59:54.0425 3580	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:59:54.0441 3580	SiSRaid4 - ok
22:59:54.0472 3580	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:59:54.0519 3580	Smb - ok
22:59:54.0550 3580	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:59:54.0566 3580	spldr - ok
22:59:54.0597 3580	sptd - ok
22:59:54.0644 3580	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:59:54.0706 3580	srv - ok
22:59:54.0753 3580	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:59:54.0831 3580	srv2 - ok
22:59:54.0862 3580	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:59:54.0893 3580	srvnet - ok
22:59:55.0018 3580	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:59:55.0034 3580	stexstor - ok
22:59:55.0080 3580	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:59:55.0096 3580	storflt - ok
22:59:55.0127 3580	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:59:55.0127 3580	storvsc - ok
22:59:55.0158 3580	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:59:55.0174 3580	swenum - ok
22:59:55.0236 3580	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:59:55.0330 3580	Tcpip - ok
22:59:55.0408 3580	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:59:55.0470 3580	TCPIP6 - ok
22:59:55.0517 3580	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:59:55.0548 3580	tcpipreg - ok
22:59:55.0595 3580	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:59:55.0626 3580	TDPIPE - ok
22:59:55.0642 3580	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:59:55.0673 3580	TDTCP - ok
22:59:55.0704 3580	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:59:55.0736 3580	tdx - ok
22:59:55.0767 3580	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:59:55.0782 3580	TermDD - ok
22:59:55.0860 3580	truecrypt       (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
22:59:55.0876 3580	truecrypt - ok
22:59:55.0907 3580	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:55.0954 3580	tssecsrv - ok
22:59:55.0985 3580	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:59:56.0016 3580	TsUsbFlt - ok
22:59:56.0079 3580	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:59:56.0172 3580	tunnel - ok
22:59:56.0204 3580	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:59:56.0219 3580	uagp35 - ok
22:59:56.0250 3580	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:59:56.0313 3580	udfs - ok
22:59:56.0360 3580	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:59:56.0375 3580	uliagpkx - ok
22:59:56.0391 3580	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:59:56.0406 3580	umbus - ok
22:59:56.0453 3580	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:59:56.0469 3580	UmPass - ok
22:59:56.0500 3580	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:56.0547 3580	usbccgp - ok
22:59:56.0578 3580	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:59:56.0609 3580	usbcir - ok
22:59:56.0625 3580	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:59:56.0656 3580	usbehci - ok
22:59:56.0703 3580	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:59:56.0781 3580	usbhub - ok
22:59:56.0812 3580	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:59:56.0828 3580	usbohci - ok
22:59:56.0859 3580	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:59:56.0890 3580	usbprint - ok
22:59:56.0937 3580	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:59:56.0968 3580	usbscan - ok
22:59:56.0999 3580	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:59:57.0062 3580	USBSTOR - ok
22:59:57.0077 3580	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:59:57.0108 3580	usbuhci - ok
22:59:57.0171 3580	VBoxDrv         (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
22:59:57.0202 3580	VBoxDrv - ok
22:59:57.0233 3580	VBoxNetAdp      (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
22:59:57.0264 3580	VBoxNetAdp - ok
22:59:57.0296 3580	VBoxNetFlt      (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
22:59:57.0327 3580	VBoxNetFlt - ok
22:59:57.0358 3580	VBoxUSBMon      (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
22:59:57.0389 3580	VBoxUSBMon - ok
22:59:57.0420 3580	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:59:57.0436 3580	vdrvroot - ok
22:59:57.0467 3580	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:57.0498 3580	vga - ok
22:59:57.0530 3580	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:59:57.0576 3580	VgaSave - ok
22:59:57.0623 3580	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:59:57.0639 3580	vhdmp - ok
22:59:57.0670 3580	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:59:57.0670 3580	viaide - ok
22:59:57.0701 3580	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:59:57.0717 3580	vmbus - ok
22:59:57.0732 3580	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:59:57.0764 3580	VMBusHID - ok
22:59:57.0795 3580	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:59:57.0795 3580	volmgr - ok
22:59:57.0842 3580	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:59:57.0873 3580	volmgrx - ok
22:59:57.0904 3580	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:59:57.0935 3580	volsnap - ok
22:59:57.0966 3580	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:59:57.0982 3580	vsmraid - ok
22:59:57.0998 3580	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:59:58.0029 3580	vwifibus - ok
22:59:58.0060 3580	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:59:58.0076 3580	WacomPen - ok
22:59:58.0122 3580	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:59:58.0232 3580	WANARP - ok
22:59:58.0232 3580	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:59:58.0263 3580	Wanarpv6 - ok
22:59:58.0294 3580	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:59:58.0310 3580	Wd - ok
22:59:58.0341 3580	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:59:58.0372 3580	Wdf01000 - ok
22:59:58.0434 3580	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:59:58.0466 3580	WfpLwf - ok
22:59:58.0497 3580	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:59:58.0497 3580	WIMMount - ok
22:59:58.0575 3580	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:59:58.0606 3580	WmiAcpi - ok
22:59:58.0653 3580	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:59:58.0684 3580	ws2ifsl - ok
22:59:58.0715 3580	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:59:58.0762 3580	WudfPf - ok
22:59:58.0809 3580	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:59:58.0902 3580	WUDFRd - ok
22:59:58.0949 3580	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:59:59.0058 3580	\Device\Harddisk0\DR0 - ok
22:59:59.0058 3580	Boot (0x1200)   (bf1f62d7c2c0c8ede4136ef9c9f695c2) \Device\Harddisk0\DR0\Partition0
22:59:59.0058 3580	\Device\Harddisk0\DR0\Partition0 - ok
22:59:59.0074 3580	Boot (0x1200)   (3888a81801cdbae9a98411df29c6d686) \Device\Harddisk0\DR0\Partition1
22:59:59.0074 3580	\Device\Harddisk0\DR0\Partition1 - ok
22:59:59.0090 3580	Boot (0x1200)   (6d27b8ea532798b1dcfa2eb15228841e) \Device\Harddisk0\DR0\Partition2
22:59:59.0090 3580	\Device\Harddisk0\DR0\Partition2 - ok
22:59:59.0121 3580	Boot (0x1200)   (2eccd1649931a4877a58a118150c95e0) \Device\Harddisk0\DR0\Partition3
22:59:59.0121 3580	\Device\Harddisk0\DR0\Partition3 - ok
22:59:59.0121 3580	============================================================
22:59:59.0121 3580	Scan finished
22:59:59.0121 3580	============================================================
22:59:59.0121 1264	Detected object count: 0
22:59:59.0121 1264	Actual detected object count: 0
         

19.01.2012, 23:19   #12
SokraX

Sorry, clicked twice.

20.01.2012, 10:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

20.01.2012, 13:17   #14
SokraX

I created the hosts.txt myself as a backup, because I manually blocked a site in the hosts file, and the deleted install on E: was put there by Steam at some point; it is Visual Studio 9.0.

ComboFix log:

Code:
ComboFix 12-01-19.02 - Windows User 20.01.2012  13:07:47.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2789 [GMT 1:00]
ausgeführt von:: c:\users\Windows User\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-20 bis 2012-01-20  ))))))))))))))))))))))))))))))
.
.
2012-01-20 11:45 . 2012-01-20 11:45	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-01-19 16:29 . 2012-01-19 16:29	--------	d-----w-	C:\_OTL
2012-01-19 04:20 . 2012-01-19 04:20	--------	d-----w-	c:\program files (x86)\ESET
2012-01-18 21:20 . 2012-01-19 02:45	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-01-18 19:35 . 2012-01-18 19:35	--------	d-----w-	c:\users\Windows User\AppData\Roaming\Malwarebytes
2012-01-18 19:35 . 2012-01-18 19:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-18 19:35 . 2012-01-18 19:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-18 19:35 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-14 11:44 . 2012-01-14 11:44	--------	d-----r-	c:\users\Windows User\AppData\Roaming\Brother
2012-01-13 23:34 . 2012-01-13 23:34	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-01-13 23:28 . 2012-01-13 23:28	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-01-13 22:47 . 2012-01-13 22:47	--------	d-----w-	c:\program files (x86)\GIMP-2.0
2012-01-13 22:40 . 2012-01-14 00:15	--------	d-----w-	c:\users\Windows User\.gimp-2.6
2012-01-13 22:06 . 2006-07-07 11:40	73728	------w-	c:\windows\SysWow64\BRCrypt.dll
2012-01-13 22:06 . 2008-10-17 19:04	179712	------w-	c:\windows\system32\BrfxDA5b.dll
2012-01-13 22:06 . 2008-08-23 18:17	118784	------w-	c:\windows\SysWow64\BrMfNt.dll
2012-01-13 22:06 . 2002-11-26 12:43	106496	------w-	c:\windows\SysWow64\BrMuSNMP.dll
2012-01-13 22:06 . 2007-12-13 21:16	73728	------w-	c:\windows\SysWow64\BrDctF2.dll
2012-01-13 22:06 . 2007-12-13 21:16	5632	------w-	c:\windows\SysWow64\BrDctF2L.dll
2012-01-13 22:06 . 2007-12-13 21:16	3072	------w-	c:\windows\SysWow64\BrDctF2S.dll
2012-01-13 22:06 . 2006-12-28 12:39	176128	------w-	c:\windows\SysWow64\BroSNMP.dll
2012-01-13 22:06 . 2009-07-21 14:32	1560064	----a-w-	c:\windows\system32\BrWia09b.dll
2012-01-13 22:06 . 2009-02-24 09:37	50176	----a-w-	c:\windows\system32\BrUsi09a.dll
2012-01-13 22:06 . 2012-01-13 22:06	--------	d-----w-	c:\program files (x86)\Brother
2012-01-13 22:06 . 2008-06-17 14:33	167936	------w-	c:\windows\SysWow64\NSSearch.dll
2012-01-13 22:05 . 2012-01-13 22:05	--------	d-----w-	c:\programdata\Brother
2012-01-13 22:05 . 2012-01-13 22:05	--------	d-----w-	c:\users\Windows User\AppData\Roaming\InstallShield
2012-01-11 11:38 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 11:38 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 11:38 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 11:38 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 11:38 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 11:38 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 11:38 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 11:38 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-09 16:41 . 2012-01-09 16:41	--------	d-----w-	c:\users\Windows User\.swt
2012-01-09 16:41 . 2012-01-09 17:36	--------	d-----w-	c:\users\Windows User\AppData\Roaming\Azureus
2012-01-09 16:39 . 2012-01-09 16:40	--------	d-----w-	c:\program files (x86)\Vuze
2012-01-08 12:14 . 2012-01-08 12:14	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 12:14 . 2012-01-08 12:14	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 12:14 . 2012-01-08 12:14	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 12:14 . 2012-01-08 12:14	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-31 10:01 . 2011-12-31 10:01	--------	d-----w-	c:\program files (x86)\CDBurnerXP
2011-12-31 07:41 . 2011-12-31 07:41	--------	d-----w-	c:\program files\CCleaner
2011-12-30 06:14 . 2011-12-30 06:14	--------	d-----w-	c:\users\Windows User\AppData\Roaming\Auslogics
2011-12-30 06:14 . 2011-12-30 06:14	--------	d-----w-	c:\program files (x86)\Auslogics
2011-12-24 06:43 . 2011-12-24 06:43	530488	----a-w-	c:\windows\system32\drivers\sptd.sys
2011-12-24 06:42 . 2011-12-24 06:42	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 16:03 . 2011-10-16 03:45	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:52 . 2011-12-14 02:43	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-05 05:32 . 2011-12-14 02:44	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 02:44	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-11-04 11:37 . 2011-11-12 20:15	224048	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2011-11-04 11:37 . 2011-11-12 20:15	130864	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2011-11-04 11:37 . 2011-11-04 11:37	165680	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2011-11-04 11:37 . 2011-11-04 11:37	146736	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2011-11-04 11:36 . 2011-11-04 11:36	320816	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2011-11-04 01:53 . 2011-12-14 02:45	2309120	----a-w-	c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 02:45	1390080	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 02:45	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 02:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 02:45	1798144	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 02:45	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 02:45	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 02:45	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 02:44	43520	----a-w-	c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Windows User\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2010-02-08 143360]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Error Recovery Guide.lnk - c:\windows\twain_32\fjscan32\ERG\FTErGuid.exe [2011-1-5 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;e:\games\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Windows User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{E06576D6-A338-4B4A-A0A8-913DA3394EB8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Windows User\AppData\Roaming\Mozilla\Firefox\Profiles\f0j4dsun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.14);user_pref(general.useragent.extra.zencast, 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4174610249-2608695120-2106418366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ˆÄP ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4174610249-2608695120-2106418366-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ˆÄP \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4174610249-2608695120-2106418366-1001\Software\SecuROM\License information*]
"datasecu"=hex:18,7a,00,4a,f8,6f,c0,9c,1c,74,30,cb,95,ac,c5,11,f7,25,60,f5,84,
   8e,e5,ac,06,7b,75,84,51,a0,17,98,2e,5a,e2,b3,e6,ca,58,2e,e2,36,00,cc,32,a6,\
"rkeysecu"=hex:c3,0d,da,a0,3a,5e,0c,de,41,42,b6,25,e8,19,07,f0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\01\09\10(\0a?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-20  13:14:40
ComboFix-quarantined-files.txt  2012-01-20 12:14
.
Vor Suchlauf: 13 Verzeichnis(se), 32.355.397.632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 33.473.077.248 Bytes frei
.
- - End Of File - - 02DE0BC548EFC517EA8B26BED49024C1
         

Last edited by SokraX (20.01.2012 at 13:24)
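The ComboFix log above lists every registered service and driver as one line (`R3 dump_wmimmc;dump_wmimmc;e:\games\...\dump_wmimmc.sys [x]`). As an added example, not code from this thread or from ComboFix itself, here is a Python triage helper that parses those lines and flags the entries a helper would look at first: images ComboFix could not verify (`[x]`), images outside the Windows and Program Files trees, and malformed paths. The line format and the meaning of the R/S prefix and start-type digit are inferred from the log and are assumptions; the sample lines are copied from the log above.

```python
"""Triage helper for the service/driver section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix service line looks like (format inferred from the log above):
#   R3 dump_wmimmc;dump_wmimmc;e:\games\...\dump_wmimmc.sys [x]
#   S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
# R/S = running/stopped, digit = Windows start type (0 boot .. 4 disabled): assumed meaning.
SERVICE_LINE = re.compile(
    r"^([RS])(\d)\s+"                          # state letter and start-type digit
    r"([^;]+);([^;]*);"                        # service name; display name
    r"(.+?)\s+"                                # image path (may contain spaces)
    r"\[(x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"     # [x] = file not verifiable, else [mtime size]
)

# Directories where a Windows 7 service image is normally expected.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: six lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dump_wmimmc;dump_wmimmc;e:\games\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
"""


@dataclass
class ServiceEntry:
    state: str            # "R" running or "S" stopped
    start_type: int       # 0..4
    name: str
    display_name: str
    path: str
    verified: bool        # False when ComboFix printed [x] instead of [mtime size]
    size: Optional[int]   # file size in bytes when verified


def parse_services(text: str) -> List[ServiceEntry]:
    """Return the parsed service/driver lines; lines in other formats are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, tail = m.groups()
        verified = tail != "x"
        size = int(tail.split()[1]) if verified else None
        entries.append(ServiceEntry(state, int(start), name, display, path, verified, size))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map service name -> list of review flags; entries without flags are omitted.

    The flags mark what to review first, not what is malicious: a 32-bit
    ComboFix frequently prints [x] for perfectly legitimate x64 drivers.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        flags: List[str] = []
        p = e.path.lower()
        if not e.verified:
            flags.append("unverified")            # ComboFix could not read/stat the image
        if not p.startswith(TRUSTED_ROOTS):
            flags.append("outside-system-dirs")   # e.g. a driver loaded from a games folder
        if "\\\\" in p or "\\systemroot\\" in p:
            flags.append("odd-path")              # doubled separators / unexpanded SystemRoot
        if flags:
            findings[e.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name:<16} {', '.join(flags)}")
```

Run against the full log, the same parser also yields the S2/R2 entries, so the output is a short review list rather than a verdict.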

20.01.2012, 13:52   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (If your firewall asks, allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being told to. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.
__________________
Please always post logfiles in CODE tags
