Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: mediashifting.com Virus eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.01.2012, 18:00   #1
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Hallo,
ich habe mir leider vor 2 Tagen den mediashifting.com Virus eingefangen . In Firefox öffen sich ständig neue Fenster in denen ich auf mediashiftig.com weitergeleitet werde. Die Seite selbst wird nicht angezeigt, da kommt dann die Meldung von T-Online, dass die Seite nicht gefunden wurde.
Ich nutze am PC Online Banking, hab mich aber seit dem ich mir den Virus eingefangen habe nicht mehr eingelogt. Besteht da Gefahr? Zur Datensicherung hab ich noch eine Externe Festplatte, diese war ebenfalls seit dem der Virus da ist noch nicht angeschlossen. Kann ich die Externe Ohne weiteres anschließen und Daten sichern? Ich habe noch 2 weitere PC's in meinem Netzwerk, sind die auch gefährdet?
Ich wollte meinen Computer sowieso in 2 Wochen neu formatieren und Windows neu draufmachen. Reicht jetzt, wo ich den Virus habe, eine normale formatierung aus oder muss ich noch irgendwelche Sachen beachten.
Falls es nicht zu aufwendig ist den Virus zu entfernen würde ich mich über Hilfe sehr freuen.

Hier mal die OTL:
Code:
ATTFilter
OTL logfile created on: 18.01.2012 17:59:27 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXX\Downloads
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 34,67% Memory free
6,37 Gb Paging File | 3,87 Gb Available in Paging File | 60,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,54 Gb Total Space | 34,57 Gb Free Space | 17,68% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.18 17:57:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Downloads\24960-OTL.exe
PRC - [2012.01.18 15:51:56 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\XXX\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.01.08 23:10:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.10.27 14:05:58 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.02 16:14:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.07 20:28:39 | 001,591,760 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt Format.exe
PRC - [2011.03.07 20:28:39 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2010.12.28 18:36:25 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.18 15:51:59 | 000,592,896 | ---- | M] () -- C:\Users\XXX\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0085\~de6248.tmp
MOD - [2012.01.18 15:51:56 | 000,697,884 | ---- | M] () -- C:\Users\XXX\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0085\~df394b.tmp
MOD - [2012.01.08 23:10:21 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.08 16:46:46 | 000,076,800 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko9.dll
MOD - [2011.06.22 13:24:00 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.11 18:24:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.27 14:05:58 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.02 16:14:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.28 18:39:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.12.28 18:37:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.12.28 18:36:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.30 18:09:33 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.07.02 16:14:25 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 16:14:25 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 20:28:39 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 64 CB D4 79 B2 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.5.0.12
FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.8
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.08 23:10:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.09 10:02:43 | 000,000,000 | ---D | M]
 
[2010.12.28 18:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.01.09 23:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions
[2012.01.09 23:56:41 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.12.27 11:51:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.12 17:33:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.06.23 03:40:00 | 000,000,923 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\searchplugins\conduit.xml
[2011.11.10 13:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.01 10:44:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.16 14:32:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AM3DZDVP.DEFAULT\EXTENSIONS\{BAEBEF65-9289-47C5-8524-C345CC5D860D}.XPI
[2012.01.08 23:10:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.08 17:02:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 14:59:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 14:59:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.04 14:59:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 14:59:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 14:59:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 14:59:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartviewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [TrueCrypt Format] C:\Program Files\TrueCrypt\TrueCrypt Format.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EA704FC-EC20-4456-8B31-5C8D461291EC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Felix\AppData\Local\971d70e1\X) -C:\Users\XXX\AppData\Local\971d70e1\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.18 16:02:34 | 052,128,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.01.17 18:25:32 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2012.01.17 18:25:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.17 18:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.17 18:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.17 17:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012.01.17 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\971d70e1
[2012.01.11 15:46:24 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 15:46:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 15:46:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 15:46:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 15:46:18 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.11 15:46:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.11 15:46:16 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 15:46:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 15:46:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.08 20:14:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\Auto
[2012.01.07 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.01.07 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\IrfanView
[2012.01.07 14:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.18 17:35:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.18 16:03:55 | 000,012,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 16:03:55 | 000,012,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 15:51:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.18 15:51:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.18 15:51:24 | 2566,344,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 18:25:28 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.16 16:02:41 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.16 16:02:41 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.16 16:02:41 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.16 16:02:41 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.16 16:02:41 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.07 14:38:49 | 000,001,899 | ---- | M] () -- C:\Users\XXX\Desktop\IrfanView Thumbnails.lnk
[2012.01.07 14:38:49 | 000,001,007 | ---- | M] () -- C:\Users\XXX\Desktop\IrfanView.lnk
[2012.01.04 17:15:16 | 052,128,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.17 18:25:28 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.07 14:38:49 | 000,001,899 | ---- | C] () -- C:\Users\XXX\Desktop\IrfanView Thumbnails.lnk
[2012.01.07 14:38:49 | 000,001,007 | ---- | C] () -- C:\Users\XXX\Desktop\IrfanView.lnk
[2011.10.27 13:59:06 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.27 13:59:04 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.25 15:08:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\9094798.exe
[2011.05.25 15:08:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\5093629.exe
[2011.05.25 15:08:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\380989.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\9143281.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\6454919.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\2475242.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\1886399.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\7237836.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\7016332.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\6963887.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\3292189.exe
[2011.05.25 13:35:24 | 000,011,616 | -HS- | C] () -- C:\Users\XXX\AppData\Local\5111732e22216eo0mc0417
[2011.05.25 13:35:24 | 000,011,616 | -HS- | C] () -- C:\ProgramData\5111732e22216eo0mc0417
[2011.05.25 13:35:18 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\9960932.exe
[2011.05.25 13:35:18 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\8897694.exe
[2011.05.25 13:35:17 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\5824036.exe
[2011.05.25 13:35:17 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\2232325.exe
[2011.05.25 12:26:55 | 000,010,876 | -HS- | C] () -- C:\Users\XXX\AppData\Local\8mp7743p600u15y
[2011.05.25 12:26:55 | 000,010,872 | -HS- | C] () -- C:\ProgramData\8mp7743p600u15y
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\8456810.exe
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\7987998.exe
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\7803985.exe
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\202430.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.23 15:17:12 | 000,007,597 | ---- | C] () -- C:\Users\XXX\AppData\Local\Resmon.ResmonCfg
[2011.01.05 15:04:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.12.29 10:01:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.28 18:40:09 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.12.28 18:40:09 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.12.28 18:40:09 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.12.28 18:30:22 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.28 18:30:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.12.28 00:15:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A66A990E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         

Alt 18.01.2012, 20:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Zitat:
(Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Was gibt es bisher an Log von Malwarebytes? Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 19.01.2012, 15:02   #3
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Ok hier die Log von Malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
XXX :: XXX-PC [Administrator]

Schutz: Aktiviert

19.01.2012 14:02:32
mbam-log-2012-01-19 (14-02-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357595
Laufzeit: 1 Stunde(n), 55 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\XXX\AppData\Local\971d70e1\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 19.01.2012, 15:26   #4
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Hier die OTL logfiles:

Code:
ATTFilter
OTL logfile created on: 19.01.2012 16:08:23 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Felix\Desktop
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 67,68% Memory free
6,37 Gb Paging File | 5,39 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,54 Gb Total Space | 33,50 Gb Free Space | 17,13% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.19 16:01:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
PRC - [2012.01.08 23:10:21 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 23:10:21 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.08 16:46:46 | 000,076,800 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko9.dll
MOD - [2011.06.22 13:24:00 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 18:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.11 18:24:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.27 14:05:58 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.02 16:14:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.28 18:39:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.12.28 18:37:35 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.12.28 18:36:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.30 18:09:33 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 19:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 17:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.07.02 16:14:25 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 16:14:25 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 20:28:39 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 64 CB D4 79 B2 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.5.0.12
FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.8
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.08 23:10:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.09 10:02:43 | 000,000,000 | ---D | M]
 
[2010.12.28 18:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2012.01.09 23:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions
[2012.01.09 23:56:41 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.12.27 11:51:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.12 17:33:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.06.23 03:40:00 | 000,000,923 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\searchplugins\conduit.xml
[2011.11.10 13:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.01 10:44:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.16 14:32:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\FELIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AM3DZDVP.DEFAULT\EXTENSIONS\{BAEBEF65-9289-47C5-8524-C345CC5D860D}.XPI
[2012.01.08 23:10:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.08 17:02:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 14:59:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 14:59:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.04 14:59:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 14:59:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 14:59:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 14:59:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartviewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EA704FC-EC20-4456-8B31-5C8D461291EC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Felix\AppData\Local\971d70e1\X) -C:\Users\Felix\AppData\Local\971d70e1\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C98923B-6A96-2597-20E7-4D3D604F5477} - Java (Sun)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: 4Y3Y0C3AXF7XZDXVBZRZXYX - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: avupdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Freecorder FLV Service - hkey= - key= - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartViewAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.19 16:01:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2012.01.18 16:02:34 | 052,128,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.01.17 18:25:32 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Malwarebytes
[2012.01.17 18:25:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.17 18:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.17 18:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.17 17:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012.01.17 13:36:36 | 000,000,000 | -HSD | C] -- C:\Users\Felix\AppData\Local\971d70e1
[2012.01.11 15:46:24 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 15:46:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 15:46:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 15:46:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 15:46:18 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.11 15:46:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.11 15:46:16 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 15:46:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 15:46:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.08 20:14:07 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\Auto
[2012.01.07 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.01.07 14:38:48 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\IrfanView
[2012.01.07 14:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.19 16:04:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 16:04:47 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.19 16:01:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Desktop\OTL.exe
[2012.01.19 15:35:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.19 14:13:21 | 000,012,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 14:13:21 | 000,012,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 14:01:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.17 18:25:28 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.16 16:02:41 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.16 16:02:41 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.16 16:02:41 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.16 16:02:41 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.16 16:02:41 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.07 14:38:49 | 000,001,899 | ---- | M] () -- C:\Users\Felix\Desktop\IrfanView Thumbnails.lnk
[2012.01.07 14:38:49 | 000,001,007 | ---- | M] () -- C:\Users\Felix\Desktop\IrfanView.lnk
[2012.01.04 17:15:16 | 052,128,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.17 18:25:28 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.07 14:38:49 | 000,001,899 | ---- | C] () -- C:\Users\Felix\Desktop\IrfanView Thumbnails.lnk
[2012.01.07 14:38:49 | 000,001,007 | ---- | C] () -- C:\Users\Felix\Desktop\IrfanView.lnk
[2011.10.27 13:59:06 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.27 13:59:04 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.25 15:08:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\9094798.exe
[2011.05.25 15:08:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\5093629.exe
[2011.05.25 15:08:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\380989.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\9143281.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\6454919.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\2475242.exe
[2011.05.25 13:58:50 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\1886399.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\7237836.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\7016332.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\6963887.exe
[2011.05.25 13:47:07 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\3292189.exe
[2011.05.25 13:35:24 | 000,011,616 | -HS- | C] () -- C:\Users\Felix\AppData\Local\5111732e22216eo0mc0417
[2011.05.25 13:35:24 | 000,011,616 | -HS- | C] () -- C:\ProgramData\5111732e22216eo0mc0417
[2011.05.25 13:35:18 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\9960932.exe
[2011.05.25 13:35:18 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\8897694.exe
[2011.05.25 13:35:17 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\5824036.exe
[2011.05.25 13:35:17 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\2232325.exe
[2011.05.25 12:26:55 | 000,010,876 | -HS- | C] () -- C:\Users\Felix\AppData\Local\8mp7743p600u15y
[2011.05.25 12:26:55 | 000,010,872 | -HS- | C] () -- C:\ProgramData\8mp7743p600u15y
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\8456810.exe
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\7987998.exe
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\7803985.exe
[2011.05.25 12:26:49 | 000,000,000 | ---- | C] () -- C:\Users\Felix\AppData\Roaming\202430.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.23 15:17:12 | 000,007,597 | ---- | C] () -- C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
[2011.01.05 15:04:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010.12.29 10:01:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.28 18:40:09 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.12.28 18:40:09 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.12.28 18:40:09 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.12.28 18:30:22 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.28 18:30:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.12.28 00:15:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.02.14 17:49:58 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\ASkySoft
[2010.12.29 10:04:28 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DAEMON Tools Lite
[2011.03.01 13:56:33 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DeviceVm
[2011.11.20 17:14:00 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\FreeArc
[2011.06.05 16:31:07 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\HTML Executable
[2011.07.26 09:41:39 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\ImgBurn
[2012.01.07 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\IrfanView
[2011.10.17 19:35:17 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Mp3tag
[2011.02.13 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\OpenOffice.org
[2011.10.27 13:18:34 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Origin
[2011.05.25 12:39:32 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Splashtop
[2011.10.06 16:10:57 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TeamViewer
[2012.01.19 15:15:52 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TrueCrypt
[2011.12.01 15:29:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.04.11 16:17:14 | 000,000,000 | ---D | M] -- C:\!Temp
[2011.01.08 15:53:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.12.28 18:40:15 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.28 00:10:29 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 16:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.11.24 19:01:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.01.19 19:48:45 | 000,000,000 | ---D | M] -- C:\Garmin
[2010.12.28 18:28:52 | 000,000,000 | ---D | M] -- C:\Intel
[2007.12.20 20:04:22 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007.11.25 10:57:09 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.27 16:07:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.18 15:51:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.17 18:25:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.11.24 19:01:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.28 18:24:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.17 22:37:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.16 21:57:43 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.18 15:51:23 | 000,000,000 | ---D | M] -- C:\Windows
[2010.10.22 15:06:13 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Felix\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Felix\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Felix\AppData\Local\Temp\RarSFX0\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Felix\AppData\Local\Temp\RarSFX0\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.09.26 13:56:40 | 000,000,859 | ---- | M] () -- C:\Users\Felix\.recently-used.xbel
[2011.09.30 18:50:00 | 000,000,046 | -HS- | M] () -- C:\Users\Felix\desktop.ini
[2012.01.19 16:03:40 | 002,621,440 | -HS- | M] () -- C:\Users\Felix\ntuser.dat
[2012.01.19 16:03:39 | 000,262,144 | -HS- | M] () -- C:\Users\Felix\ntuser.dat.LOG1
[2010.12.28 18:25:04 | 000,000,000 | -HS- | M] () -- C:\Users\Felix\ntuser.dat.LOG2
[2010.12.28 18:31:21 | 000,065,536 | -HS- | M] () -- C:\Users\Felix\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.12.28 18:31:21 | 000,524,288 | -HS- | M] () -- C:\Users\Felix\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.12.28 18:31:21 | 000,524,288 | -HS- | M] () -- C:\Users\Felix\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.10.10 21:54:08 | 000,065,536 | -HS- | M] () -- C:\Users\Felix\ntuser.dat{6c5af2d4-f255-11e0-a335-002522723ece}.TM.blf
[2011.10.10 21:54:08 | 000,524,288 | -HS- | M] () -- C:\Users\Felix\ntuser.dat{6c5af2d4-f255-11e0-a335-002522723ece}.TMContainer00000000000000000001.regtrans-ms
[2011.10.10 21:54:08 | 000,524,288 | -HS- | M] () -- C:\Users\Felix\ntuser.dat{6c5af2d4-f255-11e0-a335-002522723ece}.TMContainer00000000000000000002.regtrans-ms
[2010.12.28 18:25:05 | 000,000,020 | -HS- | M] () -- C:\Users\Felix\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A66A990E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 19.01.2012 16:08:23 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Felix\Desktop
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 67,68% Memory free
6,37 Gb Paging File | 5,39 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,54 Gb Total Space | 33,50 Gb Free Space | 17,13% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = 極速快感:亡命天涯
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = Catalyst Control Center
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B433B7D6-0A97-4ED4-BE64-863A0B3A0776}_is1" = YouFreeTV Version 0.02
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASRock IES_is1" = ASRock IES v2.0.8
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.2.93
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"FreeArc" = FreeArc 0.666
"Freecorder5.02" = Freecorder 5
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.49
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ST6UNST #1" = Rechentrainer
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Total Uninstall 5_is1" = Total Uninstall 5.10.0
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.01.2012 09:44:51 | Computer Name = Felix-PC | Source = Application Hang | ID = 1002
Description = Programm i_view32.exe, Version 4.3.2.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f20    Startzeit: 
01cccd41b1ea8a8b    Endzeit: 3    Anwendungspfad: C:\Program Files (x86)\IrfanView\i_view32.exe

Berichts-ID:
   
 
Error - 08.01.2012 08:11:33 | Computer Name = XXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.01.2012 09:29:23 | Computer Name = XXX-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 08.01.2012 09:36:57 | Computer Name = XXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.01.2012 09:42:33 | Computer Name = XXX-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in  Manifest- oder 
Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 08.01.2012 19:30:07 | Computer Name = XXX-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 08.01.2012 19:31:00 | Computer Name = XXX-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.01.2012 19:31:20 | Computer Name = XXX-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in  Manifest- oder 
Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 09.01.2012 14:12:31 | Computer Name = XXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.01.2012 18:09:27 | Computer Name = XXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 17.06.2011 06:25:56 | Computer Name = XXX-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 17.06.2011 06:26:02 | Computer Name = XXX-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.06.2011 06:26:02 | Computer Name = XXX-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.06.2011 07:09:49 | Computer Name = XXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 17.06.2011 09:42:37 | Computer Name = Felix-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 17.06.2011 09:42:43 | Computer Name = XXX-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.06.2011 09:42:43 | Computer Name = XXX-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 18.06.2011 05:54:29 | Computer Name = XXX-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 18.06.2011 05:54:35 | Computer Name = XXX-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.06.2011 05:54:35 | Computer Name = Felix-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

Wäre super denn die Files mal jemand durschschauen könnte, ich versteh da nur Bahnhof.
Und wär auch nett wenn mir jemand meine 3 Fragen beantworten könnte:
1. Ich nutze Online Banking, war aber seit erscheinen des Virus nicht mehr eingelogt, besteht gefahr?
2. Ich habe 2 andere Pc's im Netzwerk besteht für die auch gefahr?
3. Kann ich eine Externe Festplatte zur Datensicherung anschließen?

Note: mich hat irgendwann die lust verlassen, meinen namen in den logfilex in XXX umzubenennen.

Alt 19.01.2012, 20:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Bitte die Fragen für später aufheben, erfahrungsgemäß reißt das immer vol aus der Analyse und Bereingung raus.

Führ mal ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.01.2012, 09:03   #6
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Hier der Eset Log

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13e5165d30c0764da8fc5ca43564a8eb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-20 08:52:54
# local_time=2012-01-20 09:52:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 225253 63579102 45418 0
# compatibility_mode=5893 16776574 66 94 22960699 79473732 0 0
# compatibility_mode=8192 67108863 100 0 3808 3808 0 0
# scanned=197105
# found=0
# cleaned=0
# scan_time=7293
         

Alt 20.01.2012, 11:22   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.8
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q="
[2012.01.09 23:56:41 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.06.23 03:40:00 | 000,000,923 | ---- | M] () -- C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\searchplugins\conduit.xml
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O20 - HKCU Winlogon: Shell - (C:\Users\Felix\AppData\Local\971d70e1\X) -C:\Users\Felix\AppData\Local\971d70e1\X ()
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A66A990E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Users\Felix\AppData\Local\971d70e1
C:\Users\Felix\AppData\Roaming\*.exe
C:\Users\Felix\AppData\Local\5111732e22216eo0mc0417
C:\ProgramData\5111732e22216eo0mc0417
C:\Users\Felix\AppData\Local\8mp7743p600u15y
C:\ProgramData\8mp7743p600u15y
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.01.2012, 13:07   #8
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Ok is gemacht:

Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "Freecorder Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: "www.t-online.de" removed from browser.startup.homepage
Prefs.js: ytvdw@pgport.com:1.1.8 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=" removed from keyword.URL
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\searchplugin folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\modules folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\META-INF folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\defaults folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\chrome folder moved successfully.
C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\am3dzdvp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} folder moved successfully.
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockIES deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c071240-eb89-11e0-9be3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c071240-eb89-11e0-9be3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c071240-eb89-11e0-9be3-806e6f6e6963}\ not found.
File H:\setup.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File \Users\Felix\AppData\Local\971d70e1\X) -C:\Users\Felix\AppData\Local\971d70e1\X not found.
ADS C:\ProgramData\TEMP:A66A990E deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
File\Folder C:\Users\Felix\AppData\Local\971d70e1 not found.
C:\Users\Felix\AppData\Roaming\1886399.exe moved successfully.
C:\Users\Felix\AppData\Roaming\202430.exe moved successfully.
C:\Users\Felix\AppData\Roaming\2232325.exe moved successfully.
C:\Users\Felix\AppData\Roaming\2475242.exe moved successfully.
C:\Users\Felix\AppData\Roaming\3292189.exe moved successfully.
C:\Users\Felix\AppData\Roaming\380989.exe moved successfully.
C:\Users\Felix\AppData\Roaming\5093629.exe moved successfully.
C:\Users\Felix\AppData\Roaming\5824036.exe moved successfully.
C:\Users\Felix\AppData\Roaming\6454919.exe moved successfully.
C:\Users\Felix\AppData\Roaming\6963887.exe moved successfully.
C:\Users\Felix\AppData\Roaming\7016332.exe moved successfully.
C:\Users\Felix\AppData\Roaming\7237836.exe moved successfully.
C:\Users\Felix\AppData\Roaming\7803985.exe moved successfully.
C:\Users\Felix\AppData\Roaming\7987998.exe moved successfully.
C:\Users\Felix\AppData\Roaming\8456810.exe moved successfully.
C:\Users\Felix\AppData\Roaming\8897694.exe moved successfully.
C:\Users\Felix\AppData\Roaming\9094798.exe moved successfully.
C:\Users\Felix\AppData\Roaming\9143281.exe moved successfully.
C:\Users\Felix\AppData\Roaming\9960932.exe moved successfully.
C:\Users\Felix\AppData\Local\5111732e22216eo0mc0417 moved successfully.
C:\ProgramData\5111732e22216eo0mc0417 moved successfully.
C:\Users\Felix\AppData\Local\8mp7743p600u15y moved successfully.
C:\ProgramData\8mp7743p600u15y moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Felix
->Temp folder emptied: 1279117 bytes
->Temporary Internet Files folder emptied: 55939798 bytes
->Java cache emptied: 14812433 bytes
->FireFox cache emptied: 878162285 bytes
->Flash cache emptied: 8482 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3237984 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174384 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 910,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01202012_135815

Files\Folders moved on Reboot...
C:\Users\Felix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 20.01.2012, 19:48   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.01.2012, 19:39   #10
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Danke erst schonmal für die super Hilfe!

Hier die logs:
Code:
ATTFilter
20:29:37.0906 4224	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
20:29:38.0095 4224	============================================================
20:29:38.0095 4224	Current date / time: 2012/01/21 20:29:38.0095
20:29:38.0095 4224	SystemInfo:
20:29:38.0095 4224	
20:29:38.0095 4224	OS Version: 6.1.7601 ServicePack: 1.0
20:29:38.0095 4224	Product type: Workstation
20:29:38.0095 4224	ComputerName: FELIX-PC
20:29:38.0095 4224	UserName: Felix
20:29:38.0095 4224	Windows directory: C:\Windows
20:29:38.0095 4224	System windows directory: C:\Windows
20:29:38.0095 4224	Running under WOW64
20:29:38.0095 4224	Processor architecture: Intel x64
20:29:38.0095 4224	Number of processors: 4
20:29:38.0095 4224	Page size: 0x1000
20:29:38.0095 4224	Boot type: Normal boot
20:29:38.0095 4224	============================================================
20:29:38.0944 4224	Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:29:38.0947 4224	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:29:38.0988 4224	Initialize success
20:29:45.0208 3608	Deinitialize success
         
Code:
ATTFilter
20:33:02.0072 2748	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
20:33:02.0176 2748	============================================================
20:33:02.0176 2748	Current date / time: 2012/01/21 20:33:02.0176
20:33:02.0176 2748	SystemInfo:
20:33:02.0176 2748	
20:33:02.0176 2748	OS Version: 6.1.7601 ServicePack: 1.0
20:33:02.0176 2748	Product type: Workstation
20:33:02.0176 2748	ComputerName: FELIX-PC
20:33:02.0176 2748	UserName: Felix
20:33:02.0176 2748	Windows directory: C:\Windows
20:33:02.0176 2748	System windows directory: C:\Windows
20:33:02.0176 2748	Running under WOW64
20:33:02.0176 2748	Processor architecture: Intel x64
20:33:02.0176 2748	Number of processors: 4
20:33:02.0176 2748	Page size: 0x1000
20:33:02.0176 2748	Boot type: Normal boot
20:33:02.0176 2748	============================================================
20:33:02.0927 2748	Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:02.0931 2748	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:33:02.0972 2748	Initialize success
20:33:11.0012 4372	============================================================
20:33:11.0012 4372	Scan started
20:33:11.0012 4372	Mode: Manual; SigCheck; TDLFS; 
20:33:11.0012 4372	============================================================
20:33:11.0313 4372	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:33:11.0366 4372	1394ohci - ok
20:33:11.0410 4372	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:33:11.0423 4372	ACPI - ok
20:33:11.0456 4372	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:33:11.0472 4372	AcpiPmi - ok
20:33:11.0557 4372	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:33:11.0574 4372	adp94xx - ok
20:33:11.0607 4372	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:33:11.0621 4372	adpahci - ok
20:33:11.0663 4372	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:33:11.0674 4372	adpu320 - ok
20:33:11.0753 4372	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:33:11.0770 4372	AFD - ok
20:33:11.0810 4372	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:33:11.0821 4372	agp440 - ok
20:33:11.0875 4372	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:33:11.0884 4372	aliide - ok
20:33:11.0942 4372	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:33:11.0952 4372	amdide - ok
20:33:11.0997 4372	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:33:12.0008 4372	AmdK8 - ok
20:33:12.0302 4372	amdkmdag        (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
20:33:12.0419 4372	amdkmdag - ok
20:33:12.0513 4372	amdkmdap        (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
20:33:12.0531 4372	amdkmdap - ok
20:33:12.0558 4372	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:33:12.0570 4372	AmdPPM - ok
20:33:12.0615 4372	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:33:12.0625 4372	amdsata - ok
20:33:12.0691 4372	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:33:12.0703 4372	amdsbs - ok
20:33:12.0725 4372	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:33:12.0735 4372	amdxata - ok
20:33:12.0784 4372	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:33:12.0815 4372	AppID - ok
20:33:12.0902 4372	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:33:12.0912 4372	arc - ok
20:33:12.0942 4372	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:33:12.0953 4372	arcsas - ok
20:33:12.0980 4372	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:33:13.0012 4372	AsyncMac - ok
20:33:13.0041 4372	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:33:13.0050 4372	atapi - ok
20:33:13.0136 4372	AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
20:33:13.0173 4372	AtiHDAudioService - ok
20:33:13.0423 4372	atikmdag        (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
20:33:13.0541 4372	atikmdag - ok
20:33:13.0617 4372	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
20:33:13.0625 4372	avgntflt - ok
20:33:13.0686 4372	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
20:33:13.0695 4372	avipbb - ok
20:33:13.0783 4372	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:33:13.0798 4372	b06bdrv - ok
20:33:13.0833 4372	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:33:13.0847 4372	b57nd60a - ok
20:33:13.0879 4372	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:33:13.0913 4372	Beep - ok
20:33:13.0988 4372	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:33:14.0000 4372	blbdrive - ok
20:33:14.0044 4372	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:33:14.0056 4372	bowser - ok
20:33:14.0137 4372	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:33:14.0151 4372	BrFiltLo - ok
20:33:14.0180 4372	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:33:14.0195 4372	BrFiltUp - ok
20:33:14.0220 4372	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:33:14.0234 4372	Brserid - ok
20:33:14.0250 4372	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:33:14.0265 4372	BrSerWdm - ok
20:33:14.0283 4372	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:33:14.0296 4372	BrUsbMdm - ok
20:33:14.0313 4372	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:33:14.0324 4372	BrUsbSer - ok
20:33:14.0401 4372	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:33:14.0416 4372	BTHMODEM - ok
20:33:14.0446 4372	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:33:14.0479 4372	cdfs - ok
20:33:14.0549 4372	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:33:14.0562 4372	cdrom - ok
20:33:14.0777 4372	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:33:14.0791 4372	circlass - ok
20:33:14.0824 4372	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:33:14.0837 4372	CLFS - ok
20:33:14.0914 4372	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:33:14.0925 4372	CmBatt - ok
20:33:14.0979 4372	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:33:14.0989 4372	cmdide - ok
20:33:15.0028 4372	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:33:15.0048 4372	CNG - ok
20:33:15.0087 4372	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:33:15.0097 4372	Compbatt - ok
20:33:15.0153 4372	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:33:15.0167 4372	CompositeBus - ok
20:33:15.0222 4372	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:33:15.0231 4372	crcdisk - ok
20:33:15.0317 4372	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:33:15.0333 4372	CSC - ok
20:33:15.0368 4372	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:33:15.0400 4372	DfsC - ok
20:33:15.0461 4372	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:33:15.0495 4372	discache - ok
20:33:15.0541 4372	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:33:15.0551 4372	Disk - ok
20:33:15.0598 4372	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:33:15.0612 4372	drmkaud - ok
20:33:15.0691 4372	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:33:15.0713 4372	DXGKrnl - ok
20:33:15.0760 4372	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:33:15.0773 4372	E1G60 - ok
20:33:15.0872 4372	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:33:15.0917 4372	ebdrv - ok
20:33:16.0012 4372	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:33:16.0028 4372	elxstor - ok
20:33:16.0060 4372	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:33:16.0072 4372	ErrDev - ok
20:33:16.0101 4372	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:33:16.0135 4372	exfat - ok
20:33:16.0153 4372	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:33:16.0187 4372	fastfat - ok
20:33:16.0256 4372	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:33:16.0268 4372	fdc - ok
20:33:16.0300 4372	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:33:16.0310 4372	FileInfo - ok
20:33:16.0325 4372	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:33:16.0358 4372	Filetrace - ok
20:33:16.0374 4372	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:33:16.0385 4372	flpydisk - ok
20:33:16.0413 4372	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:33:16.0426 4372	FltMgr - ok
20:33:16.0488 4372	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:33:16.0498 4372	FsDepends - ok
20:33:16.0519 4372	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:33:16.0529 4372	Fs_Rec - ok
20:33:16.0559 4372	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:33:16.0574 4372	fvevol - ok
20:33:16.0589 4372	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:33:16.0600 4372	gagp30kx - ok
20:33:16.0662 4372	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:33:16.0668 4372	GEARAspiWDM - ok
20:33:16.0765 4372	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:33:16.0777 4372	hcw85cir - ok
20:33:16.0860 4372	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:33:16.0877 4372	HdAudAddService - ok
20:33:16.0930 4372	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:33:16.0946 4372	HDAudBus - ok
20:33:16.0977 4372	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:33:16.0988 4372	HidBatt - ok
20:33:17.0047 4372	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:33:17.0062 4372	HidBth - ok
20:33:17.0087 4372	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:33:17.0101 4372	HidIr - ok
20:33:17.0154 4372	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:33:17.0166 4372	HidUsb - ok
20:33:17.0234 4372	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:33:17.0245 4372	HpSAMD - ok
20:33:17.0298 4372	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:33:17.0336 4372	HTTP - ok
20:33:17.0366 4372	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:33:17.0375 4372	hwpolicy - ok
20:33:17.0446 4372	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:33:17.0458 4372	i8042prt - ok
20:33:17.0516 4372	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:33:17.0531 4372	iaStorV - ok
20:33:17.0576 4372	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:33:17.0585 4372	iirsp - ok
20:33:17.0710 4372	IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys
20:33:17.0744 4372	IntcAzAudAddService - ok
20:33:17.0773 4372	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:33:17.0783 4372	intelide - ok
20:33:17.0861 4372	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:33:17.0874 4372	intelppm - ok
20:33:17.0913 4372	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:33:17.0944 4372	IpFilterDriver - ok
20:33:17.0997 4372	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:33:18.0009 4372	IPMIDRV - ok
20:33:18.0099 4372	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:33:18.0133 4372	IPNAT - ok
20:33:18.0188 4372	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:33:18.0205 4372	IRENUM - ok
20:33:18.0295 4372	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:33:18.0306 4372	isapnp - ok
20:33:18.0349 4372	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:33:18.0363 4372	iScsiPrt - ok
20:33:18.0389 4372	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:33:18.0399 4372	kbdclass - ok
20:33:18.0458 4372	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:33:18.0471 4372	kbdhid - ok
20:33:18.0516 4372	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:33:18.0528 4372	KSecDD - ok
20:33:18.0563 4372	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:33:18.0575 4372	KSecPkg - ok
20:33:18.0644 4372	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:33:18.0678 4372	ksthunk - ok
20:33:18.0730 4372	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:33:18.0765 4372	lltdio - ok
20:33:18.0852 4372	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:33:18.0863 4372	LSI_FC - ok
20:33:18.0891 4372	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:33:18.0902 4372	LSI_SAS - ok
20:33:18.0927 4372	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:33:18.0938 4372	LSI_SAS2 - ok
20:33:18.0970 4372	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:33:18.0981 4372	LSI_SCSI - ok
20:33:19.0053 4372	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:33:19.0086 4372	luafv - ok
20:33:19.0119 4372	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:33:19.0126 4372	MBAMProtector - ok
20:33:19.0166 4372	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:33:19.0176 4372	megasas - ok
20:33:19.0250 4372	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:33:19.0263 4372	MegaSR - ok
20:33:19.0299 4372	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:33:19.0333 4372	Modem - ok
20:33:19.0367 4372	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:33:19.0381 4372	monitor - ok
20:33:19.0456 4372	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:33:19.0465 4372	mouclass - ok
20:33:19.0518 4372	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:33:19.0530 4372	mouhid - ok
20:33:19.0564 4372	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:33:19.0575 4372	mountmgr - ok
20:33:19.0613 4372	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:33:19.0624 4372	mpio - ok
20:33:19.0680 4372	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:33:19.0713 4372	mpsdrv - ok
20:33:19.0748 4372	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:33:19.0765 4372	MRxDAV - ok
20:33:19.0825 4372	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:33:19.0838 4372	mrxsmb - ok
20:33:19.0981 4372	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:33:19.0995 4372	mrxsmb10 - ok
20:33:20.0046 4372	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:33:20.0059 4372	mrxsmb20 - ok
20:33:20.0087 4372	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:33:20.0098 4372	msahci - ok
20:33:20.0144 4372	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:33:20.0156 4372	msdsm - ok
20:33:20.0199 4372	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:33:20.0232 4372	Msfs - ok
20:33:20.0295 4372	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:33:20.0328 4372	mshidkmdf - ok
20:33:20.0358 4372	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:33:20.0368 4372	msisadrv - ok
20:33:20.0421 4372	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:33:20.0454 4372	MSKSSRV - ok
20:33:20.0517 4372	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:33:20.0549 4372	MSPCLOCK - ok
20:33:20.0581 4372	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:33:20.0613 4372	MSPQM - ok
20:33:20.0646 4372	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:33:20.0661 4372	MsRPC - ok
20:33:20.0709 4372	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:33:20.0720 4372	mssmbios - ok
20:33:20.0789 4372	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:33:20.0821 4372	MSTEE - ok
20:33:20.0834 4372	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:33:20.0847 4372	MTConfig - ok
20:33:20.0875 4372	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:33:20.0885 4372	Mup - ok
20:33:20.0918 4372	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:33:20.0937 4372	NativeWifiP - ok
20:33:21.0028 4372	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:33:21.0049 4372	NDIS - ok
20:33:21.0095 4372	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:33:21.0129 4372	NdisCap - ok
20:33:21.0189 4372	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:33:21.0221 4372	NdisTapi - ok
20:33:21.0256 4372	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:33:21.0288 4372	Ndisuio - ok
20:33:21.0322 4372	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:33:21.0354 4372	NdisWan - ok
20:33:21.0392 4372	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:33:21.0424 4372	NDProxy - ok
20:33:21.0484 4372	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:33:21.0518 4372	NetBIOS - ok
20:33:21.0554 4372	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:33:21.0587 4372	NetBT - ok
20:33:21.0625 4372	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:33:21.0635 4372	nfrd960 - ok
20:33:21.0666 4372	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:33:21.0698 4372	Npfs - ok
20:33:21.0767 4372	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:33:21.0800 4372	nsiproxy - ok
20:33:21.0874 4372	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:33:21.0906 4372	Ntfs - ok
20:33:21.0974 4372	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:33:22.0007 4372	Null - ok
20:33:22.0049 4372	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:33:22.0061 4372	nvraid - ok
20:33:22.0094 4372	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:33:22.0107 4372	nvstor - ok
20:33:22.0135 4372	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:33:22.0147 4372	nv_agp - ok
20:33:22.0221 4372	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:33:22.0234 4372	ohci1394 - ok
20:33:22.0322 4372	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:33:22.0334 4372	Parport - ok
20:33:22.0397 4372	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:33:22.0408 4372	partmgr - ok
20:33:22.0441 4372	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:33:22.0453 4372	pci - ok
20:33:22.0476 4372	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:33:22.0485 4372	pciide - ok
20:33:22.0528 4372	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:33:22.0541 4372	pcmcia - ok
20:33:22.0597 4372	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:33:22.0608 4372	pcw - ok
20:33:22.0641 4372	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:33:22.0680 4372	PEAUTH - ok
20:33:22.0797 4372	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:33:22.0830 4372	PptpMiniport - ok
20:33:22.0868 4372	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:33:22.0880 4372	Processor - ok
20:33:22.0934 4372	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:33:22.0966 4372	Psched - ok
20:33:23.0059 4372	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:33:23.0088 4372	ql2300 - ok
20:33:23.0126 4372	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:33:23.0138 4372	ql40xx - ok
20:33:23.0190 4372	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:33:23.0207 4372	QWAVEdrv - ok
20:33:23.0229 4372	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:33:23.0262 4372	RasAcd - ok
20:33:23.0291 4372	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:33:23.0324 4372	RasAgileVpn - ok
20:33:23.0369 4372	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:33:23.0402 4372	Rasl2tp - ok
20:33:23.0472 4372	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:33:23.0505 4372	RasPppoe - ok
20:33:23.0554 4372	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:33:23.0587 4372	RasSstp - ok
20:33:23.0623 4372	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:33:23.0657 4372	rdbss - ok
20:33:23.0722 4372	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:33:23.0736 4372	rdpbus - ok
20:33:23.0754 4372	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:33:23.0788 4372	RDPCDD - ok
20:33:23.0822 4372	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:33:23.0835 4372	RDPDR - ok
20:33:23.0867 4372	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:33:23.0900 4372	RDPENCDD - ok
20:33:23.0966 4372	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:33:24.0000 4372	RDPREFMP - ok
20:33:24.0053 4372	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:33:24.0065 4372	RdpVideoMiniport - ok
20:33:24.0105 4372	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:33:24.0138 4372	RDPWD - ok
20:33:24.0214 4372	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:33:24.0227 4372	rdyboost - ok
20:33:24.0280 4372	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:33:24.0313 4372	rspndr - ok
20:33:24.0365 4372	RTL8167         (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:33:24.0379 4372	RTL8167 - ok
20:33:24.0443 4372	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:33:24.0456 4372	s3cap - ok
20:33:24.0504 4372	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:33:24.0516 4372	sbp2port - ok
20:33:24.0566 4372	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:33:24.0596 4372	scfilter - ok
20:33:24.0675 4372	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:33:24.0708 4372	secdrv - ok
20:33:24.0744 4372	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:33:24.0756 4372	Serenum - ok
20:33:24.0787 4372	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:33:24.0799 4372	Serial - ok
20:33:24.0831 4372	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:33:24.0843 4372	sermouse - ok
20:33:24.0921 4372	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:33:24.0932 4372	sffdisk - ok
20:33:24.0958 4372	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:33:24.0970 4372	sffp_mmc - ok
20:33:25.0000 4372	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:33:25.0014 4372	sffp_sd - ok
20:33:25.0047 4372	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:33:25.0060 4372	sfloppy - ok
20:33:25.0125 4372	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:33:25.0134 4372	SiSRaid2 - ok
20:33:25.0149 4372	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:33:25.0160 4372	SiSRaid4 - ok
20:33:25.0216 4372	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:33:25.0249 4372	Smb - ok
20:33:25.0327 4372	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:33:25.0336 4372	spldr - ok
20:33:25.0394 4372	sptd            (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
20:33:25.0394 4372	Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
20:33:25.0396 4372	sptd ( LockedFile.Multi.Generic ) - warning
20:33:25.0396 4372	sptd - detected LockedFile.Multi.Generic (1)
20:33:25.0440 4372	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:33:25.0456 4372	srv - ok
20:33:25.0527 4372	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:33:25.0541 4372	srv2 - ok
20:33:25.0567 4372	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:33:25.0580 4372	srvnet - ok
20:33:25.0629 4372	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:33:25.0639 4372	stexstor - ok
20:33:25.0721 4372	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:33:25.0731 4372	storflt - ok
20:33:25.0760 4372	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:33:25.0771 4372	storvsc - ok
20:33:25.0801 4372	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:33:25.0811 4372	swenum - ok
20:33:25.0888 4372	Synth3dVsc - ok
20:33:25.0973 4372	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:33:26.0009 4372	Tcpip - ok
20:33:26.0065 4372	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:33:26.0100 4372	TCPIP6 - ok
20:33:26.0156 4372	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:33:26.0187 4372	tcpipreg - ok
20:33:26.0222 4372	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:33:26.0254 4372	TDPIPE - ok
20:33:26.0278 4372	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:33:26.0311 4372	TDTCP - ok
20:33:26.0344 4372	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:33:26.0376 4372	tdx - ok
20:33:26.0443 4372	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:33:26.0454 4372	TermDD - ok
20:33:26.0546 4372	truecrypt       (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
20:33:26.0558 4372	truecrypt - ok
20:33:26.0621 4372	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:33:26.0652 4372	tssecsrv - ok
20:33:26.0701 4372	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:33:26.0713 4372	TsUsbFlt - ok
20:33:26.0728 4372	tsusbhub - ok
20:33:26.0807 4372	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:33:26.0839 4372	tunnel - ok
20:33:26.0874 4372	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:33:26.0884 4372	uagp35 - ok
20:33:26.0922 4372	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:33:26.0957 4372	udfs - ok
20:33:27.0004 4372	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:33:27.0015 4372	uliagpkx - ok
20:33:27.0090 4372	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:33:27.0103 4372	umbus - ok
20:33:27.0135 4372	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:33:27.0148 4372	UmPass - ok
20:33:27.0193 4372	USBAAPL64       (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
20:33:27.0203 4372	USBAAPL64 - ok
20:33:27.0271 4372	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:33:27.0284 4372	usbccgp - ok
20:33:27.0329 4372	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:33:27.0344 4372	usbcir - ok
20:33:27.0367 4372	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:33:27.0379 4372	usbehci - ok
20:33:27.0448 4372	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:33:27.0464 4372	usbhub - ok
20:33:27.0486 4372	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:33:27.0498 4372	usbohci - ok
20:33:27.0523 4372	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:33:27.0538 4372	usbprint - ok
20:33:27.0567 4372	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:33:27.0580 4372	USBSTOR - ok
20:33:27.0602 4372	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:33:27.0614 4372	usbuhci - ok
20:33:27.0682 4372	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:33:27.0693 4372	vdrvroot - ok
20:33:27.0735 4372	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:33:27.0749 4372	vga - ok
20:33:27.0789 4372	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:33:27.0822 4372	VgaSave - ok
20:33:27.0892 4372	VGPU - ok
20:33:27.0933 4372	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:33:27.0946 4372	vhdmp - ok
20:33:27.0979 4372	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:33:27.0990 4372	viaide - ok
20:33:28.0027 4372	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:33:28.0040 4372	vmbus - ok
20:33:28.0099 4372	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:33:28.0110 4372	VMBusHID - ok
20:33:28.0136 4372	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:33:28.0146 4372	volmgr - ok
20:33:28.0180 4372	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:33:28.0195 4372	volmgrx - ok
20:33:28.0238 4372	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:33:28.0250 4372	volsnap - ok
20:33:28.0321 4372	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:33:28.0333 4372	vsmraid - ok
20:33:28.0358 4372	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:33:28.0374 4372	vwifibus - ok
20:33:28.0406 4372	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:33:28.0418 4372	WacomPen - ok
20:33:28.0499 4372	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:33:28.0531 4372	WANARP - ok
20:33:28.0536 4372	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:33:28.0568 4372	Wanarpv6 - ok
20:33:28.0603 4372	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:33:28.0613 4372	Wd - ok
20:33:28.0648 4372	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:33:28.0666 4372	Wdf01000 - ok
20:33:28.0750 4372	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:33:28.0782 4372	WfpLwf - ok
20:33:28.0809 4372	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:33:28.0819 4372	WIMMount - ok
20:33:28.0894 4372	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:33:28.0909 4372	WinUsb - ok
20:33:29.0008 4372	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:33:29.0021 4372	WmiAcpi - ok
20:33:29.0072 4372	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:33:29.0105 4372	ws2ifsl - ok
20:33:29.0156 4372	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:33:29.0188 4372	WudfPf - ok
20:33:29.0265 4372	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:33:29.0297 4372	WUDFRd - ok
20:33:29.0358 4372	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
20:33:29.0368 4372	xusb21 - ok
20:33:29.0386 4372	MBR (0x1B8)     (1f998be06dc960ce70b919fff503e98c) \Device\Harddisk0\DR0
20:33:29.0480 4372	\Device\Harddisk0\DR0 - ok
20:33:29.0484 4372	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:33:29.0550 4372	\Device\Harddisk1\DR1 - ok
20:33:29.0553 4372	Boot (0x1200)   (9c86d25f885656401b5bb5610c0a7202) \Device\Harddisk0\DR0\Partition0
20:33:29.0553 4372	\Device\Harddisk0\DR0\Partition0 - ok
20:33:29.0571 4372	Boot (0x1200)   (2905d8877c090d7ba500456801d98a9c) \Device\Harddisk0\DR0\Partition1
20:33:29.0571 4372	\Device\Harddisk0\DR0\Partition1 - ok
20:33:29.0574 4372	Boot (0x1200)   (07f06abb90314b47d213f4056a8735ec) \Device\Harddisk1\DR1\Partition0
20:33:29.0574 4372	\Device\Harddisk1\DR1\Partition0 - ok
20:33:29.0575 4372	============================================================
20:33:29.0575 4372	Scan finished
20:33:29.0575 4372	============================================================
20:33:29.0585 4204	Detected object count: 1
20:33:29.0585 4204	Actual detected object count: 1
20:33:31.0606 4204	sptd ( LockedFile.Multi.Generic ) - skipped by user
20:33:31.0606 4204	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 23.01.2012, 11:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.01.2012, 14:28   #12
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Log von Combofix:

Code:
ATTFilter
ComboFix 12-01-23.02 - Felix 23.01.2012  15:05:55.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.3263.2208 [GMT 1:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\ntuser.dat
c:\programdata\RUNDLL32.EXE-x.txt
c:\windows\assembly\tmp\U
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-23 bis 2012-01-23  ))))))))))))))))))))))))))))))
.
.
2012-01-20 13:00 . 2012-01-20 13:00	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-01-20 13:00 . 2012-01-20 13:00	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-01-20 12:58 . 2012-01-20 12:58	--------	d-----w-	C:\_OTL
2012-01-20 09:10 . 2012-01-20 09:10	--------	d-----w-	c:\windows\system32\SPReview
2012-01-20 09:10 . 2012-01-20 09:10	--------	d-----w-	c:\windows\system32\EventProviders
2012-01-20 06:47 . 2012-01-20 06:47	--------	d-----w-	c:\program files (x86)\ESET
2012-01-17 17:25 . 2012-01-17 17:25	--------	d-----w-	c:\users\Felix\AppData\Roaming\Malwarebytes
2012-01-17 17:25 . 2012-01-17 17:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-17 17:25 . 2012-01-17 17:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-17 17:25 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-17 16:52 . 2012-01-17 16:52	--------	d-----w-	c:\programdata\XoftSpySE
2012-01-11 14:46 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 14:46 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 14:46 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 14:46 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 14:46 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 14:46 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 14:46 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 14:46 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-08 22:10 . 2012-01-08 22:10	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 22:10 . 2012-01-08 22:10	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 22:10 . 2012-01-08 22:10	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 22:10 . 2012-01-08 22:10	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 13:38 . 2012-01-07 13:38	--------	d-----w-	c:\users\Felix\AppData\Roaming\IrfanView
2012-01-07 13:38 . 2012-01-07 13:38	--------	d-----w-	c:\program files (x86)\IrfanView
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 09:18 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-01-20 09:18 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-12-08 13:56 . 2011-12-08 13:56	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:52 . 2011-12-14 15:41	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-06 18:48 . 2011-10-27 13:15	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-11-06 18:48 . 2011-10-27 12:59	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-11-06 18:37 . 2011-10-27 12:59	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-11-05 05:32 . 2011-12-14 15:41	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 15:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-10-27 13:05 . 2011-10-27 12:59	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-10-26 05:21 . 2011-12-14 15:41	43520	----a-w-	c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2011-03-07 1496528]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-28 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-28 79360]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-12-28 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 14:04]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-24 14:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\am3dzdvp.default\
FF - prefs.js: browser.search.defaulturl - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-23  15:17:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-23 14:17
.
Vor Suchlauf: 13 Verzeichnis(se), 60.482.887.680 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 60.315.607.040 Bytes frei
.
- - End Of File - - 636E929C16A06100DB0D03A6CE063352
         

Alt 23.01.2012, 14:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.01.2012, 15:59   #14
nitox
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Hier der Log:

Code:
ATTFilter
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-23 16:32:03
-----------------------------
16:32:03.036    OS Version: Windows x64 6.1.7601 Service Pack 1
16:32:03.036    Number of processors: 4 586 0xF0B
16:32:03.036    ComputerName: FELIX-PC  UserName: Felix
16:32:03.645    Initialize success
16:32:09.645    AVAST engine defs: 12012300
16:32:14.145    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
16:32:14.145    Disk 0 Vendor: HDS724040KLSA80 KFAOA46A Size: 381554MB BusType: 3
16:32:14.176    Disk 0 MBR read successfully
16:32:14.176    Disk 0 MBR scan
16:32:14.176    Disk 0 Windows 7 default MBR code
16:32:14.192    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       200238 MB offset 2048
16:32:14.208    Disk 0 Partition 2 00     07    HPFS/NTFS            181314 MB offset 410089472
16:32:14.223    Service scanning
16:32:14.895    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:32:15.442    Modules scanning
16:32:15.442    Disk 0 trace - called modules:
16:32:15.458    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80030572c0]<<
16:32:15.473    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80037b1060]
16:32:15.473    3 CLASSPNP.SYS[fffff88001bc743f] -> nt!IofCallDriver -> [0xfffffa80026fde40]
16:32:15.473    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800353b060]
16:32:15.489    \Driver\atapi[0xfffffa8003507060] -> IRP_MJ_CREATE -> 0xfffffa80030572c0
16:32:16.270    AVAST engine scan C:\Windows
16:32:25.661    AVAST engine scan C:\Windows\system32
16:34:59.801    AVAST engine scan C:\Windows\system32\drivers
16:35:08.098    AVAST engine scan C:\Users\Felix
16:39:48.645    AVAST engine scan C:\ProgramData
16:40:16.926    Scan finished successfully
16:58:02.973    Disk 0 MBR has been saved successfully to "C:\Users\Felix\Desktop\MBR.dat"
16:58:02.973    The log file has been saved successfully to "C:\Users\Felix\Desktop\aswMBR.txt"
         

Alt 23.01.2012, 20:21   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mediashifting.com Virus eingefangen - Standard

mediashifting.com Virus eingefangen



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu mediashifting.com Virus eingefangen
alternate, antivir, autorun, avira, bho, bonjour, computer, daten sichern, desktop, document, entfernen, error, excel.exe, explorer, festplatte, firefox, google earth, installation, langs, launch, logfile, mozilla, netzwerk, nicht gefunden, realtek, registry, scan, senden, software, temp, version=1.0, virus, webcheck, windows



Ähnliche Themen: mediashifting.com Virus eingefangen


  1. mediashifting.com Virus / TR
    Plagegeister aller Art und deren Bekämpfung - 22.02.2012 (18)
  2. Mediashifting Virus - Vorgehen
    Log-Analyse und Auswertung - 21.02.2012 (19)
  3. Virus? Mediashifting?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (5)
  4. Virus mediashifting
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (25)
  5. "Mediashifting.com" Virus
    Plagegeister aller Art und deren Bekämpfung - 20.01.2012 (69)
  6. Mediashifting-Problem -mediashifting.com/?search=A123&subid=73&key=aa72a328fb1b718e9e62&p=1
    Plagegeister aller Art und deren Bekämpfung - 17.01.2012 (13)
  7. Mediashifting p95
    Log-Analyse und Auswertung - 11.01.2012 (1)
  8. mediashifting.com / 95p.com
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (2)
  9. mediashifting.com und OTL
    Log-Analyse und Auswertung - 04.01.2012 (8)
  10. 95p.com/mediashifting
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (9)
  11. Virus ADSPY/AdSpy.Gen2 und mediashifting.com/?search=.....
    Log-Analyse und Auswertung - 31.12.2011 (2)
  12. Mediashifting.com Virus / Backdoor.Agent
    Log-Analyse und Auswertung - 31.12.2011 (1)
  13. Mediashifting.com Virus
    Log-Analyse und Auswertung - 30.12.2011 (2)
  14. mediashifting 95p ...
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (7)
  15. Mediashifting/p95 - Automatisches Öffnen von mediashifting.com+kein Öffnen von Suchergebniss möglich
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (8)
  16. mediashifting Trojaner/Virus
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (3)
  17. 95p/Mediashifting.com Virus
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (1)

Zum Thema mediashifting.com Virus eingefangen - Hallo, ich habe mir leider vor 2 Tagen den mediashifting.com Virus eingefangen . In Firefox öffen sich ständig neue Fenster in denen ich auf mediashiftig.com weitergeleitet werde. Die Seite selbst - mediashifting.com Virus eingefangen...
Archiv
Du betrachtest: mediashifting.com Virus eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.