Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BOO/TDss.M in Masterbootsektor

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.03.2012, 03:36   #1
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Hallo zusammen.
So wie es aussieht benötige ich Hilfe. Bei jedem Systemstart wird mir von antivir ein BOO/TDss.M im Masterbootsektor angezeigt.
Antivir und Malwarebytes habe ich durchlaufen lassen, aber sie haben beide nichts gebracht. Nun hoffe ich hier Hilfe zu meinem Problem zu finden.
Anbei die zwei benötigten Files und schon einmal vielen Dank für eventuelle Bemühungen.

DDS.txt
Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Heckler at 4:15:45 on 2012-03-16
Microsoft Windows 7 Enterprise   6.1.7600.1.1252.49.1031.18.6142.4330 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Virenschutz *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Cherry\CDI\cdi.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Heckler\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Heckler\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Heckler\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Heckler\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Heckler\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Users\Heckler\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Heckler\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:55151
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
uRun: [Google Update] "C:\Users\Heckler\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [F.lux] "C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [GizmoDriveDelegate] "M:\Apps\gizmo\gizmo.exe" /RemountStartupImages
uRun: [Creative Software Update] "C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" /Silent
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CherryKeyMan] "C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>] 
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Heckler\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.181.1
TCP: Interfaces\{C5715636-215F-411A-A6BE-F904F807A3DD} : DhcpNameServer = 192.168.181.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64:     SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CherryKeyMan] "C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)] 
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Heckler\AppData\Roaming\Mozilla\Firefox\Profiles\ksdlmmir.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Heckler\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 GizmoDrv;Gizmo Device Driver;C:\Windows\system32\drivers\GizmoDrv.sys --> C:\Windows\system32\drivers\GizmoDrv.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-31 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-31 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-4-29 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-29 652360]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Ch64USB;Cherry USB Treiber für CDI;C:\Windows\system32\drivers\Ch64USB.sys --> C:\Windows\system32\drivers\Ch64USB.sys [?]
R3 Ch64USBM;Cherry USB Maus Treiber für CDI;C:\Windows\system32\drivers\Ch64USBM.sys --> C:\Windows\system32\drivers\Ch64USBM.sys [?]
R3 Cherry Device Interface;Cherry Device Interface;C:\Program Files (x86)\Cherry\CDI\cdi.exe [2010-8-25 577582]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-13 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
R3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Gizmo Central;Gizmo Central;M:\Apps\gizmo\gservice.exe --> M:\Apps\gizmo\gservice.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-31 136176]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;M:\Apps\Hamachi\hamachi-2.exe -s --> M:\Apps\Hamachi\hamachi-2.exe -s [?]
S2 TrueCryptSystemFavorites;TrueCrypt System Favorites;C:\Windows\SysWOW64\TrueCrypt.exe [2011-4-1 1496528]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Ch64PS2;Cherry PS/2 Tastatur Treiber (CDI);C:\Windows\system32\DRIVERS\Ch64PS2.sys --> C:\Windows\system32\DRIVERS\Ch64PS2.sys [?]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-3-30 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-10 1038088]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-31 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
2012-03-14 18:43:14	--------	d-----w-	C:\Windows\SysWow64\RTCOM
2012-03-14 18:43:14	--------	d-----w-	C:\Program Files\Realtek
2012-03-04 18:50:34	--------	d-----w-	C:\Users\Heckler\AppData\Roaming\calibre
2012-03-04 18:50:01	--------	d-----w-	C:\Program Files (x86)\Calibre2
2012-03-01 13:23:59	--------	d-----w-	C:\Users\Heckler\AppData\Local\MediaMonkey
2012-03-01 13:23:47	--------	d-----w-	C:\Users\Heckler\AppData\Roaming\MediaMonkey
2012-03-01 13:23:42	--------	d-----w-	C:\ProgramData\MediaMonkey
2012-02-29 18:43:23	--------	d-----w-	C:\11111
2012-02-27 22:08:19	839680	----a-w-	C:\Windows\SysWow64\lameACM.acm
2012-02-27 22:08:19	650752	----a-w-	C:\Windows\SysWow64\xvidcore.dll
2012-02-27 22:08:18	243200	----a-w-	C:\Windows\SysWow64\xvidvfw.dll
2012-02-27 22:08:18	175616	----a-w-	C:\Windows\SysWow64\unrar.dll
2012-02-27 22:08:18	151552	----a-w-	C:\Windows\SysWow64\ac3acm.acm
2012-02-27 22:08:16	79360	----a-w-	C:\Windows\SysWow64\ff_vfw.dll
2012-02-27 22:08:14	--------	d-----w-	C:\Program Files (x86)\K-Lite Codec Pack
2012-02-27 11:20:08	--------	d-----w-	C:\Program Files\Bonjour
2012-02-27 11:20:08	--------	d-----w-	C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2012-02-12 16:33:03	1490553	----a-w-	C:\SystemCheck_deDE.exe
.
============= FINISH:  4:16:29,93 ===============
         
Attach.txt
Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume3
Install Date: 30.03.2011 23:57:24
System Uptime: 16.03.2012 03:56:44 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P35-DS3
Processor: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz | Socket 775 | 2333/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 28,605 GiB free.
D: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
Class GUID: 
Description: 
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&30D54F48&0&11F0
Manufacturer: 
Name: 
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&30D54F48&0&11F0
Service: 
.
==== System Restore Points ===================
.
RP47: 04.03.2012 19:49:23 - Installed calibre
RP48: 15.03.2012 08:35:45 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
AAC Decoder
abgx360 v1.0.5
Acrobat.com
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI others
Adobe Flash CS4 STI-other
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.2) - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Battlefield 3™
calibre
CloneCD
Connect
Creative-Audiokonsole
Creative ALchemy
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Dig-N-Rig version 1.0
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Dropbox
EasyBits GO
Everything 1.2.1.371
F.lux
FILSHtray version 0.8
Foxit Reader 5.1
Fraps
Free YouTube to MP3 Converter version 3.10.14.1206
Gizmo Central
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
ImgBurn
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Codec Pack 8.2.0 (Full)
KeyMan V3.6 Build 6
Kingdoms of Amalur Reckoning
kuler
League of Legends
LogMeIn Hamachi
LOLReplay
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.60.1.1000
MediaMonkey 4.0
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - DEU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Miranda IM 0.9.23
MKV Splitter
Mozilla Firefox 8.0.1 (x86 de)
Nero 7 Lite 7.9.6.0
NVIDIA PhysX
OpenAL
Orcs Must Die!
Pando Media Booster
PDF Settings CS4
Photo Crop Editor 2.0
PhotoPad Image Editor
Photoshop Camera Raw
Pixel Bender Toolkit
Pixillion Image Converter
PokerStars
PunkBuster Services
Realtek High Definition Audio Driver
Recorder
SABnzbd 0.6.9
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Sierra Utilities
Skype Click to Call
Skype™ 5.5
Spybot - Search & Destroy
StationRipper 2.98.2
Suite Shared Configuration CS4
The Lord of the Rings FREE Trial 
TreeSize Free V2.5
Trillian
Trine 2
TrueCrypt
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office Word 2007 (KB974631)
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
.
==== Event Viewer Messages From Past Week ========
.
16.03.2012 04:14:09, Error: Ntfs [137]  - The default transaction resource manager on volume N: encountered a non-retryable error and could not start.  The data contains the error code.
16.03.2012 03:57:11, Error: Service Control Manager [7000]  - The LogMeIn Hamachi 2.0 Tunneling Engine service failed to start due to the following error:  The system cannot find the file specified.
16.03.2012 03:57:11, Error: Service Control Manager [7000]  - The Gizmo Central service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
         

Alt 16.03.2012, 17:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________

__________________

Alt 16.03.2012, 18:01   #3
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Danke cosinus!

Hab das Programm rennen lassen und aus Versehen nur bei einem der beiden gefundenen Probleme 'skip' gewählt gehabt. Das andere wurde wohl behoben und wird auch nicht mehr angezeigt bei erneutem Durchlaufen. (Glück im Unglück? )
Hier der Report

Code:
ATTFilter
18:57:24.0089 4696	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
18:57:24.0557 4696	============================================================
18:57:24.0557 4696	Current date / time: 2012/03/16 18:57:24.0557
18:57:24.0557 4696	SystemInfo:
18:57:24.0557 4696	
18:57:24.0557 4696	OS Version: 6.1.7600 ServicePack: 1.0
18:57:24.0557 4696	Product type: Workstation
18:57:24.0557 4696	ComputerName: HECKLER-PC
18:57:24.0557 4696	UserName: Heckler
18:57:24.0557 4696	Windows directory: C:\Windows
18:57:24.0557 4696	System windows directory: C:\Windows
18:57:24.0557 4696	Running under WOW64
18:57:24.0557 4696	Processor architecture: Intel x64
18:57:24.0557 4696	Number of processors: 2
18:57:24.0557 4696	Page size: 0x1000
18:57:24.0557 4696	Boot type: Normal boot
18:57:24.0557 4696	============================================================
18:57:26.0383 4696	Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:57:26.0398 4696	Drive \Device\Harddisk2\DR2 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:57:26.0414 4696	Drive \Device\Harddisk1\DR1 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:57:26.0414 4696	\Device\Harddisk0\DR0:
18:57:26.0414 4696	MBR used
18:57:26.0414 4696	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542B000
18:57:26.0414 4696	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2542C000, BlocksNum 0x2542B000
18:57:26.0414 4696	\Device\Harddisk2\DR2:
18:57:26.0414 4696	MBR used
18:57:26.0414 4696	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18000
18:57:26.0414 4696	\Device\Harddisk1\DR1:
18:57:26.0414 4696	MBR used
18:57:26.0414 4696	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542B800
18:57:26.0414 4696	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2542C000, BlocksNum 0x2542B000
18:57:26.0476 4696	Initialize success
18:57:26.0476 4696	============================================================
18:57:44.0432 4756	============================================================
18:57:44.0432 4756	Scan started
18:57:44.0432 4756	Mode: Manual; SigCheck; TDLFS; 
18:57:44.0432 4756	============================================================
18:57:45.0805 4756	1394ohci - ok
18:57:45.0820 4756	ACPI - ok
18:57:45.0851 4756	AcpiPmi - ok
18:57:45.0883 4756	adfs - ok
18:57:46.0163 4756	adp94xx - ok
18:57:46.0210 4756	adpahci - ok
18:57:46.0257 4756	adpu320 - ok
18:57:46.0304 4756	AFD - ok
18:57:46.0335 4756	agp440 - ok
18:57:46.0397 4756	aliide - ok
18:57:46.0397 4756	amdide - ok
18:57:46.0429 4756	AmdK8 - ok
18:57:46.0444 4756	amdkmdag - ok
18:57:46.0444 4756	amdkmdap - ok
18:57:46.0460 4756	AmdPPM - ok
18:57:46.0460 4756	amdsata - ok
18:57:46.0460 4756	amdsbs - ok
18:57:46.0460 4756	amdxata - ok
18:57:46.0522 4756	AppID - ok
18:57:46.0631 4756	arc - ok
18:57:46.0678 4756	arcsas - ok
18:57:46.0819 4756	AsyncMac - ok
18:57:46.0819 4756	atapi - ok
18:57:46.0850 4756	atikmdag - ok
18:57:46.0881 4756	avgntflt - ok
18:57:46.0881 4756	avipbb - ok
18:57:46.0912 4756	b06bdrv - ok
18:57:46.0943 4756	b57nd60a - ok
18:57:46.0975 4756	Beep - ok
18:57:47.0068 4756	blbdrive - ok
18:57:47.0146 4756	bowser - ok
18:57:47.0177 4756	BrFiltLo - ok
18:57:47.0177 4756	BrFiltUp - ok
18:57:47.0193 4756	Brserid - ok
18:57:47.0193 4756	BrSerWdm - ok
18:57:47.0224 4756	BrUsbMdm - ok
18:57:47.0224 4756	BrUsbSer - ok
18:57:47.0224 4756	BTHMODEM - ok
18:57:47.0318 4756	catchme - ok
18:57:47.0333 4756	cdfs - ok
18:57:47.0365 4756	cdrom - ok
18:57:47.0489 4756	Ch64PS2 - ok
18:57:47.0521 4756	Ch64USB - ok
18:57:47.0536 4756	Ch64USBM - ok
18:57:47.0552 4756	circlass - ok
18:57:47.0552 4756	CLFS - ok
18:57:47.0645 4756	CmBatt - ok
18:57:47.0645 4756	cmdide - ok
18:57:47.0661 4756	CNG - ok
18:57:47.0692 4756	COMMONFX - ok
18:57:47.0739 4756	COMMONFX.SYS - ok
18:57:47.0739 4756	Compbatt - ok
18:57:47.0770 4756	CompositeBus - ok
18:57:47.0817 4756	crcdisk - ok
18:57:48.0004 4756	CSC - ok
18:57:48.0051 4756	ctac32k - ok
18:57:48.0051 4756	ctaud2k - ok
18:57:48.0082 4756	CTAUDFX - ok
18:57:48.0082 4756	CTAUDFX.SYS - ok
18:57:48.0113 4756	CTERFXFX - ok
18:57:48.0191 4756	CTERFXFX.SYS - ok
18:57:48.0207 4756	ctprxy2k - ok
18:57:48.0207 4756	CTSBLFX - ok
18:57:48.0207 4756	CTSBLFX.SYS - ok
18:57:48.0223 4756	ctsfm2k - ok
18:57:48.0285 4756	DfsC - ok
18:57:48.0301 4756	discache - ok
18:57:48.0347 4756	Disk - ok
18:57:48.0363 4756	dmvsc - ok
18:57:48.0457 4756	drmkaud - ok
18:57:48.0472 4756	DXGKrnl - ok
18:57:48.0519 4756	E1G60 - ok
18:57:48.0535 4756	ebdrv - ok
18:57:48.0550 4756	ElbyCDFL - ok
18:57:48.0659 4756	ElbyCDIO - ok
18:57:48.0675 4756	elxstor - ok
18:57:48.0691 4756	emupia - ok
18:57:48.0691 4756	ErrDev - ok
18:57:48.0706 4756	exfat - ok
18:57:48.0706 4756	fastfat - ok
18:57:48.0722 4756	fdc - ok
18:57:48.0722 4756	FileInfo - ok
18:57:48.0722 4756	Filetrace - ok
18:57:48.0784 4756	flpydisk - ok
18:57:48.0800 4756	FltMgr - ok
18:57:48.0831 4756	FsDepends - ok
18:57:48.0847 4756	Fs_Rec - ok
18:57:48.0862 4756	fvevol - ok
18:57:48.0878 4756	gagp30kx - ok
18:57:49.0065 4756	GizmoDrv - ok
18:57:49.0221 4756	ha10kx2k - ok
18:57:49.0221 4756	hamachi - ok
18:57:49.0237 4756	hap16v2k - ok
18:57:49.0237 4756	hap17v2k - ok
18:57:49.0237 4756	hcw85cir - ok
18:57:49.0252 4756	HdAudAddService - ok
18:57:49.0268 4756	HDAudBus - ok
18:57:49.0268 4756	HidBatt - ok
18:57:49.0268 4756	HidBth - ok
18:57:49.0283 4756	HidIr - ok
18:57:49.0299 4756	HidUsb - ok
18:57:49.0330 4756	HpSAMD - ok
18:57:49.0377 4756	HTTP - ok
18:57:49.0377 4756	hwpolicy - ok
18:57:49.0377 4756	i8042prt - ok
18:57:49.0393 4756	iaStorV - ok
18:57:49.0439 4756	iirsp - ok
18:57:49.0455 4756	IntcAzAudAddService - ok
18:57:49.0455 4756	intelide - ok
18:57:49.0471 4756	intelppm - ok
18:57:49.0471 4756	IpFilterDriver - ok
18:57:49.0486 4756	IPMIDRV - ok
18:57:49.0486 4756	IPNAT - ok
18:57:49.0502 4756	IRENUM - ok
18:57:49.0502 4756	isapnp - ok
18:57:49.0502 4756	iScsiPrt - ok
18:57:49.0517 4756	kbdclass - ok
18:57:49.0533 4756	kbdhid - ok
18:57:49.0533 4756	KSecDD - ok
18:57:49.0533 4756	KSecPkg - ok
18:57:49.0549 4756	ksthunk - ok
18:57:49.0595 4756	Lavasoft Kernexplorer - ok
18:57:49.0627 4756	Lbd - ok
18:57:49.0658 4756	lltdio - ok
18:57:49.0673 4756	LSI_FC - ok
18:57:49.0689 4756	LSI_SAS - ok
18:57:49.0705 4756	LSI_SAS2 - ok
18:57:49.0736 4756	LSI_SCSI - ok
18:57:49.0751 4756	luafv - ok
18:57:49.0861 4756	MBAMProtector - ok
18:57:49.0876 4756	mcdbus - ok
18:57:49.0876 4756	megasas - ok
18:57:49.0876 4756	MegaSR - ok
18:57:49.0892 4756	Modem - ok
18:57:49.0907 4756	monitor - ok
18:57:49.0907 4756	mouclass - ok
18:57:49.0939 4756	mouhid - ok
18:57:49.0939 4756	mountmgr - ok
18:57:49.0939 4756	mpio - ok
18:57:49.0939 4756	mpsdrv - ok
18:57:49.0954 4756	MRxDAV - ok
18:57:49.0954 4756	mrxsmb - ok
18:57:49.0954 4756	mrxsmb10 - ok
18:57:49.0954 4756	mrxsmb20 - ok
18:57:49.0970 4756	msahci - ok
18:57:49.0970 4756	msdsm - ok
18:57:50.0001 4756	Msfs - ok
18:57:50.0001 4756	mshidkmdf - ok
18:57:50.0001 4756	msisadrv - ok
18:57:50.0032 4756	MSKSSRV - ok
18:57:50.0048 4756	MSPCLOCK - ok
18:57:50.0048 4756	MSPQM - ok
18:57:50.0048 4756	MsRPC - ok
18:57:50.0063 4756	mssmbios - ok
18:57:50.0079 4756	MSTEE - ok
18:57:50.0079 4756	MTConfig - ok
18:57:50.0079 4756	Mup - ok
18:57:50.0095 4756	NativeWifiP - ok
18:57:50.0110 4756	NDIS - ok
18:57:50.0126 4756	NdisCap - ok
18:57:50.0126 4756	NdisTapi - ok
18:57:50.0141 4756	Ndisuio - ok
18:57:50.0141 4756	NdisWan - ok
18:57:50.0141 4756	NDProxy - ok
18:57:50.0141 4756	NetBIOS - ok
18:57:50.0157 4756	NetBT - ok
18:57:50.0204 4756	nfrd960 - ok
18:57:50.0219 4756	Npfs - ok
18:57:50.0219 4756	nsiproxy - ok
18:57:50.0235 4756	Ntfs - ok
18:57:50.0235 4756	Null - ok
18:57:50.0235 4756	nvraid - ok
18:57:50.0235 4756	nvstor - ok
18:57:50.0266 4756	nv_agp - ok
18:57:50.0282 4756	ohci1394 - ok
18:57:50.0313 4756	ossrv - ok
18:57:50.0329 4756	Parport - ok
18:57:50.0344 4756	partmgr - ok
18:57:50.0344 4756	pci - ok
18:57:50.0344 4756	pciide - ok
18:57:50.0344 4756	pcmcia - ok
18:57:50.0360 4756	pcw - ok
18:57:50.0360 4756	PEAUTH - ok
18:57:50.0563 4756	PptpMiniport - ok
18:57:50.0563 4756	Processor - ok
18:57:50.0719 4756	Psched - ok
18:57:50.0719 4756	PxHlpa64 - ok
18:57:50.0734 4756	ql2300 - ok
18:57:50.0734 4756	ql40xx - ok
18:57:50.0734 4756	QWAVEdrv - ok
18:57:50.0750 4756	RasAcd - ok
18:57:50.0750 4756	RasAgileVpn - ok
18:57:50.0765 4756	Rasl2tp - ok
18:57:50.0781 4756	RasPppoe - ok
18:57:50.0781 4756	RasSstp - ok
18:57:50.0797 4756	rdbss - ok
18:57:50.0797 4756	rdpbus - ok
18:57:50.0797 4756	RDPCDD - ok
18:57:50.0797 4756	RDPDR - ok
18:57:50.0828 4756	RDPENCDD - ok
18:57:50.0828 4756	RDPREFMP - ok
18:57:50.0843 4756	RdpVideoMiniport - ok
18:57:50.0843 4756	RDPWD - ok
18:57:50.0843 4756	rdyboost - ok
18:57:50.0906 4756	rspndr - ok
18:57:50.0937 4756	RTL8023x64 - ok
18:57:50.0999 4756	RTL8167 - ok
18:57:50.0999 4756	s3cap - ok
18:57:50.0999 4756	sbp2port - ok
18:57:51.0031 4756	scfilter - ok
18:57:51.0046 4756	secdrv - ok
18:57:51.0062 4756	Serenum - ok
18:57:51.0093 4756	Serial - ok
18:57:51.0140 4756	sermouse - ok
18:57:51.0140 4756	sffdisk - ok
18:57:51.0155 4756	sffp_mmc - ok
18:57:51.0155 4756	sffp_sd - ok
18:57:51.0155 4756	sfloppy - ok
18:57:51.0171 4756	SiSRaid2 - ok
18:57:51.0171 4756	SiSRaid4 - ok
18:57:51.0187 4756	Smb - ok
18:57:51.0233 4756	spldr - ok
18:57:51.0249 4756	srv - ok
18:57:51.0249 4756	srv2 - ok
18:57:51.0249 4756	srvnet - ok
18:57:51.0296 4756	stexstor - ok
18:57:51.0311 4756	storflt - ok
18:57:51.0343 4756	storvsc - ok
18:57:51.0343 4756	swenum - ok
18:57:51.0358 4756	Synth3dVsc - ok
18:57:51.0358 4756	Tcpip - ok
18:57:51.0374 4756	TCPIP6 - ok
18:57:51.0374 4756	tcpipreg - ok
18:57:51.0374 4756	TDPIPE - ok
18:57:51.0389 4756	TDTCP - ok
18:57:51.0405 4756	tdx - ok
18:57:51.0405 4756	TermDD - ok
18:57:51.0405 4756	terminpt - ok
18:57:51.0452 4756	truecrypt - ok
18:57:51.0467 4756	tssecsrv - ok
18:57:51.0483 4756	TsUsbFlt - ok
18:57:51.0483 4756	TsUsbGD - ok
18:57:51.0499 4756	tsusbhub - ok
18:57:51.0530 4756	tunnel - ok
18:57:51.0530 4756	uagp35 - ok
18:57:51.0545 4756	udfs - ok
18:57:51.0561 4756	uliagpkx - ok
18:57:51.0592 4756	UltraMonUtility - ok
18:57:51.0608 4756	umbus - ok
18:57:51.0608 4756	UmPass - ok
18:57:51.0655 4756	usbaudio - ok
18:57:51.0670 4756	usbccgp - ok
18:57:51.0686 4756	usbcir - ok
18:57:51.0686 4756	usbehci - ok
18:57:51.0701 4756	usbhub - ok
18:57:51.0701 4756	usbohci - ok
18:57:51.0701 4756	usbprint - ok
18:57:51.0717 4756	usbscan - ok
18:57:51.0717 4756	USBSTOR - ok
18:57:51.0717 4756	usbuhci - ok
18:57:51.0733 4756	vdrvroot - ok
18:57:51.0764 4756	vga - ok
18:57:51.0764 4756	VgaSave - ok
18:57:51.0764 4756	vhdmp - ok
18:57:51.0779 4756	viaide - ok
18:57:51.0779 4756	vmbus - ok
18:57:51.0779 4756	VMBusHID - ok
18:57:51.0779 4756	volmgr - ok
18:57:51.0779 4756	volmgrx - ok
18:57:51.0795 4756	volsnap - ok
18:57:51.0811 4756	vsmraid - ok
18:57:51.0826 4756	vwifibus - ok
18:57:51.0826 4756	WacomPen - ok
18:57:51.0873 4756	WANARP - ok
18:57:51.0873 4756	Wanarpv6 - ok
18:57:51.0889 4756	Wd - ok
18:57:51.0889 4756	Wdf01000 - ok
18:57:51.0904 4756	WfpLwf - ok
18:57:51.0920 4756	WIMMount - ok
18:57:51.0998 4756	WinUsb - ok
18:57:52.0013 4756	WmiAcpi - ok
18:57:52.0045 4756	ws2ifsl - ok
18:57:52.0060 4756	WudfPf - ok
18:57:52.0060 4756	WUDFRd - ok
18:57:52.0091 4756	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:57:52.0154 4756	\Device\Harddisk0\DR0 - ok
18:57:52.0169 4756	MBR (0x1B8)     (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk2\DR2
18:57:52.0559 4756	\Device\Harddisk2\DR2 ( TDSS File System ) - warning
18:57:52.0559 4756	\Device\Harddisk2\DR2 - detected TDSS File System (1)
18:57:52.0575 4756	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
18:57:52.0637 4756	\Device\Harddisk1\DR1 - ok
18:57:52.0637 4756	Boot (0x1200)   (80ff41b29e998da1e7e96de9dbdbaf36) \Device\Harddisk0\DR0\Partition0
18:57:52.0637 4756	\Device\Harddisk0\DR0\Partition0 - ok
18:57:52.0637 4756	Boot (0x1200)   (d1f24e8b482a7047034102035f745b17) \Device\Harddisk0\DR0\Partition1
18:57:52.0637 4756	\Device\Harddisk0\DR0\Partition1 - ok
18:57:52.0669 4756	Boot (0x1200)   (f76b444ffa8f2081053bfa5340e4e224) \Device\Harddisk2\DR2\Partition0
18:57:52.0669 4756	\Device\Harddisk2\DR2\Partition0 - ok
18:57:52.0684 4756	Boot (0x1200)   (80557a58baf5eb23d22b46900f1c3503) \Device\Harddisk1\DR1\Partition0
18:57:52.0684 4756	\Device\Harddisk1\DR1\Partition0 - ok
18:57:52.0700 4756	Boot (0x1200)   (bf31380b0e2a409387ce8dcc23e5c656) \Device\Harddisk1\DR1\Partition1
18:57:52.0700 4756	\Device\Harddisk1\DR1\Partition1 - ok
18:57:52.0700 4756	============================================================
18:57:52.0700 4756	Scan finished
18:57:52.0700 4756	============================================================
18:57:52.0700 4748	Detected object count: 1
18:57:52.0700 4748	Actual detected object count: 1
18:58:08.0284 4748	\Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
18:58:08.0284 4748	\Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
         
Vielen Dank
__________________

Alt 16.03.2012, 18:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Zitat:
18:58:08.0284 4748 \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
18:58:08.0284 4748 \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
Das TDSS File System bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.03.2012, 18:38   #5
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Datei gelöscht.
Hier der Report

Code:
ATTFilter
19:36:47.0809 2748	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:36:48.0043 2748	============================================================
19:36:48.0043 2748	Current date / time: 2012/03/16 19:36:48.0043
19:36:48.0043 2748	SystemInfo:
19:36:48.0043 2748	
19:36:48.0043 2748	OS Version: 6.1.7600 ServicePack: 1.0
19:36:48.0043 2748	Product type: Workstation
19:36:48.0043 2748	ComputerName: HECKLER-PC
19:36:48.0043 2748	UserName: Heckler
19:36:48.0043 2748	Windows directory: C:\Windows
19:36:48.0043 2748	System windows directory: C:\Windows
19:36:48.0043 2748	Running under WOW64
19:36:48.0043 2748	Processor architecture: Intel x64
19:36:48.0043 2748	Number of processors: 2
19:36:48.0043 2748	Page size: 0x1000
19:36:48.0043 2748	Boot type: Normal boot
19:36:48.0043 2748	============================================================
19:36:51.0491 2748	Drive \Device\Harddisk1\DR1 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:36:51.0507 2748	Drive \Device\Harddisk2\DR2 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:36:51.0975 2748	Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:36:51.0975 2748	\Device\Harddisk1\DR1:
19:36:51.0975 2748	MBR used
19:36:51.0975 2748	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542B000
19:36:51.0975 2748	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2542C000, BlocksNum 0x2542B000
19:36:51.0975 2748	\Device\Harddisk2\DR2:
19:36:51.0990 2748	MBR used
19:36:51.0990 2748	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18000
19:36:51.0990 2748	\Device\Harddisk0\DR0:
19:36:51.0990 2748	MBR used
19:36:51.0990 2748	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542B800
19:36:51.0990 2748	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2542C000, BlocksNum 0x2542B000
19:36:52.0053 2748	Initialize success
19:36:52.0084 2748	============================================================
19:36:56.0077 3772	============================================================
19:36:56.0077 3772	Scan started
19:36:56.0077 3772	Mode: Manual; SigCheck; TDLFS; 
19:36:56.0077 3772	============================================================
19:37:01.0849 3772	1394ohci - ok
19:37:01.0865 3772	ACPI - ok
19:37:01.0881 3772	AcpiPmi - ok
19:37:01.0912 3772	adfs - ok
19:37:02.0130 3772	adp94xx - ok
19:37:02.0177 3772	adpahci - ok
19:37:02.0208 3772	adpu320 - ok
19:37:02.0271 3772	AFD - ok
19:37:02.0302 3772	agp440 - ok
19:37:02.0364 3772	aliide - ok
19:37:02.0380 3772	amdide - ok
19:37:02.0380 3772	AmdK8 - ok
19:37:02.0411 3772	amdkmdag - ok
19:37:02.0427 3772	amdkmdap - ok
19:37:02.0473 3772	AmdPPM - ok
19:37:02.0489 3772	amdsata - ok
19:37:02.0520 3772	amdsbs - ok
19:37:02.0551 3772	amdxata - ok
19:37:02.0676 3772	AppID - ok
19:37:02.0817 3772	arc - ok
19:37:02.0863 3772	arcsas - ok
19:37:03.0051 3772	AsyncMac - ok
19:37:03.0051 3772	atapi - ok
19:37:03.0144 3772	atikmdag - ok
19:37:03.0238 3772	avgntflt - ok
19:37:03.0238 3772	avipbb - ok
19:37:03.0269 3772	b06bdrv - ok
19:37:03.0316 3772	b57nd60a - ok
19:37:03.0441 3772	Beep - ok
19:37:03.0612 3772	blbdrive - ok
19:37:03.0799 3772	bowser - ok
19:37:03.0831 3772	BrFiltLo - ok
19:37:03.0831 3772	BrFiltUp - ok
19:37:03.0846 3772	Brserid - ok
19:37:03.0846 3772	BrSerWdm - ok
19:37:03.0862 3772	BrUsbMdm - ok
19:37:03.0862 3772	BrUsbSer - ok
19:37:03.0877 3772	BTHMODEM - ok
19:37:04.0033 3772	catchme - ok
19:37:04.0049 3772	cdfs - ok
19:37:04.0111 3772	cdrom - ok
19:37:04.0236 3772	Ch64PS2 - ok
19:37:04.0267 3772	Ch64USB - ok
19:37:04.0267 3772	Ch64USBM - ok
19:37:04.0345 3772	circlass - ok
19:37:04.0345 3772	CLFS - ok
19:37:04.0517 3772	CmBatt - ok
19:37:04.0517 3772	cmdide - ok
19:37:04.0533 3772	CNG - ok
19:37:04.0548 3772	COMMONFX - ok
19:37:04.0626 3772	COMMONFX.SYS - ok
19:37:04.0642 3772	Compbatt - ok
19:37:04.0673 3772	CompositeBus - ok
19:37:04.0720 3772	crcdisk - ok
19:37:04.0969 3772	CSC - ok
19:37:05.0047 3772	ctac32k - ok
19:37:05.0063 3772	ctaud2k - ok
19:37:05.0079 3772	CTAUDFX - ok
19:37:05.0094 3772	CTAUDFX.SYS - ok
19:37:05.0157 3772	CTERFXFX - ok
19:37:05.0203 3772	CTERFXFX.SYS - ok
19:37:05.0219 3772	ctprxy2k - ok
19:37:05.0219 3772	CTSBLFX - ok
19:37:05.0219 3772	CTSBLFX.SYS - ok
19:37:05.0235 3772	ctsfm2k - ok
19:37:05.0313 3772	DfsC - ok
19:37:05.0328 3772	discache - ok
19:37:05.0391 3772	Disk - ok
19:37:05.0422 3772	dmvsc - ok
19:37:05.0500 3772	drmkaud - ok
19:37:05.0500 3772	DXGKrnl - ok
19:37:05.0547 3772	E1G60 - ok
19:37:05.0547 3772	ebdrv - ok
19:37:05.0562 3772	ElbyCDFL - ok
19:37:05.0687 3772	ElbyCDIO - ok
19:37:05.0718 3772	elxstor - ok
19:37:05.0718 3772	emupia - ok
19:37:05.0718 3772	ErrDev - ok
19:37:05.0734 3772	exfat - ok
19:37:05.0734 3772	fastfat - ok
19:37:05.0749 3772	fdc - ok
19:37:05.0749 3772	FileInfo - ok
19:37:05.0765 3772	Filetrace - ok
19:37:05.0812 3772	flpydisk - ok
19:37:05.0812 3772	FltMgr - ok
19:37:05.0843 3772	FsDepends - ok
19:37:05.0843 3772	Fs_Rec - ok
19:37:05.0874 3772	fvevol - ok
19:37:05.0890 3772	gagp30kx - ok
19:37:06.0093 3772	GizmoDrv - ok
19:37:06.0327 3772	ha10kx2k - ok
19:37:06.0389 3772	hamachi - ok
19:37:06.0451 3772	hap16v2k - ok
19:37:06.0451 3772	hap17v2k - ok
19:37:06.0467 3772	hcw85cir - ok
19:37:06.0483 3772	HdAudAddService - ok
19:37:06.0529 3772	HDAudBus - ok
19:37:06.0529 3772	HidBatt - ok
19:37:06.0529 3772	HidBth - ok
19:37:06.0529 3772	HidIr - ok
19:37:06.0592 3772	HidUsb - ok
19:37:06.0623 3772	HpSAMD - ok
19:37:06.0654 3772	HTTP - ok
19:37:06.0670 3772	hwpolicy - ok
19:37:06.0701 3772	i8042prt - ok
19:37:06.0701 3772	iaStorV - ok
19:37:06.0717 3772	iirsp - ok
19:37:06.0748 3772	IntcAzAudAddService - ok
19:37:06.0748 3772	intelide - ok
19:37:06.0763 3772	intelppm - ok
19:37:06.0763 3772	IpFilterDriver - ok
19:37:06.0779 3772	IPMIDRV - ok
19:37:06.0779 3772	IPNAT - ok
19:37:06.0795 3772	IRENUM - ok
19:37:06.0795 3772	isapnp - ok
19:37:06.0810 3772	iScsiPrt - ok
19:37:06.0826 3772	kbdclass - ok
19:37:06.0857 3772	kbdhid - ok
19:37:06.0873 3772	KSecDD - ok
19:37:06.0873 3772	KSecPkg - ok
19:37:06.0888 3772	ksthunk - ok
19:37:06.0951 3772	Lavasoft Kernexplorer - ok
19:37:07.0075 3772	Lbd - ok
19:37:07.0122 3772	lltdio - ok
19:37:07.0138 3772	LSI_FC - ok
19:37:07.0169 3772	LSI_SAS - ok
19:37:07.0185 3772	LSI_SAS2 - ok
19:37:07.0216 3772	LSI_SCSI - ok
19:37:07.0247 3772	luafv - ok
19:37:07.0356 3772	MBAMProtector - ok
19:37:07.0450 3772	mcdbus - ok
19:37:07.0450 3772	megasas - ok
19:37:07.0450 3772	MegaSR - ok
19:37:07.0450 3772	Modem - ok
19:37:07.0512 3772	monitor - ok
19:37:07.0528 3772	mouclass - ok
19:37:07.0559 3772	mouhid - ok
19:37:07.0559 3772	mountmgr - ok
19:37:07.0559 3772	mpio - ok
19:37:07.0575 3772	mpsdrv - ok
19:37:07.0575 3772	MRxDAV - ok
19:37:07.0575 3772	mrxsmb - ok
19:37:07.0575 3772	mrxsmb10 - ok
19:37:07.0590 3772	mrxsmb20 - ok
19:37:07.0590 3772	msahci - ok
19:37:07.0590 3772	msdsm - ok
19:37:07.0621 3772	Msfs - ok
19:37:07.0621 3772	mshidkmdf - ok
19:37:07.0621 3772	msisadrv - ok
19:37:07.0699 3772	MSKSSRV - ok
19:37:07.0731 3772	MSPCLOCK - ok
19:37:07.0762 3772	MSPQM - ok
19:37:07.0762 3772	MsRPC - ok
19:37:07.0762 3772	mssmbios - ok
19:37:07.0777 3772	MSTEE - ok
19:37:07.0777 3772	MTConfig - ok
19:37:07.0777 3772	Mup - ok
19:37:07.0809 3772	NativeWifiP - ok
19:37:07.0871 3772	NDIS - ok
19:37:07.0887 3772	NdisCap - ok
19:37:07.0902 3772	NdisTapi - ok
19:37:07.0933 3772	Ndisuio - ok
19:37:07.0933 3772	NdisWan - ok
19:37:07.0933 3772	NDProxy - ok
19:37:07.0949 3772	NetBIOS - ok
19:37:07.0949 3772	NetBT - ok
19:37:08.0105 3772	nfrd960 - ok
19:37:08.0167 3772	Npfs - ok
19:37:08.0167 3772	nsiproxy - ok
19:37:08.0183 3772	Ntfs - ok
19:37:08.0183 3772	Null - ok
19:37:08.0199 3772	nvraid - ok
19:37:08.0214 3772	nvstor - ok
19:37:08.0230 3772	nv_agp - ok
19:37:08.0261 3772	ohci1394 - ok
19:37:08.0323 3772	ossrv - ok
19:37:08.0401 3772	Parport - ok
19:37:08.0401 3772	partmgr - ok
19:37:08.0417 3772	pci - ok
19:37:08.0417 3772	pciide - ok
19:37:08.0417 3772	pcmcia - ok
19:37:08.0417 3772	pcw - ok
19:37:08.0417 3772	PEAUTH - ok
19:37:08.0464 3772	PptpMiniport - ok
19:37:08.0479 3772	Processor - ok
19:37:08.0479 3772	Psched - ok
19:37:08.0495 3772	PxHlpa64 - ok
19:37:08.0495 3772	ql2300 - ok
19:37:08.0511 3772	ql40xx - ok
19:37:08.0526 3772	QWAVEdrv - ok
19:37:08.0526 3772	RasAcd - ok
19:37:08.0589 3772	RasAgileVpn - ok
19:37:08.0604 3772	Rasl2tp - ok
19:37:08.0635 3772	RasPppoe - ok
19:37:08.0635 3772	RasSstp - ok
19:37:08.0635 3772	rdbss - ok
19:37:08.0651 3772	rdpbus - ok
19:37:08.0651 3772	RDPCDD - ok
19:37:08.0651 3772	RDPDR - ok
19:37:08.0682 3772	RDPENCDD - ok
19:37:08.0682 3772	RDPREFMP - ok
19:37:08.0682 3772	RdpVideoMiniport - ok
19:37:08.0698 3772	RDPWD - ok
19:37:08.0713 3772	rdyboost - ok
19:37:08.0745 3772	rspndr - ok
19:37:08.0838 3772	RTL8023x64 - ok
19:37:08.0885 3772	RTL8167 - ok
19:37:08.0885 3772	s3cap - ok
19:37:08.0885 3772	sbp2port - ok
19:37:08.0916 3772	scfilter - ok
19:37:08.0947 3772	secdrv - ok
19:37:08.0994 3772	Serenum - ok
19:37:09.0010 3772	Serial - ok
19:37:09.0088 3772	sermouse - ok
19:37:09.0088 3772	sffdisk - ok
19:37:09.0088 3772	sffp_mmc - ok
19:37:09.0103 3772	sffp_sd - ok
19:37:09.0103 3772	sfloppy - ok
19:37:09.0150 3772	SiSRaid2 - ok
19:37:09.0150 3772	SiSRaid4 - ok
19:37:09.0213 3772	Smb - ok
19:37:09.0306 3772	spldr - ok
19:37:09.0322 3772	srv - ok
19:37:09.0322 3772	srv2 - ok
19:37:09.0322 3772	srvnet - ok
19:37:09.0353 3772	stexstor - ok
19:37:09.0400 3772	storflt - ok
19:37:09.0431 3772	storvsc - ok
19:37:09.0447 3772	swenum - ok
19:37:09.0478 3772	Synth3dVsc - ok
19:37:09.0478 3772	Tcpip - ok
19:37:09.0525 3772	TCPIP6 - ok
19:37:09.0540 3772	tcpipreg - ok
19:37:09.0540 3772	TDPIPE - ok
19:37:09.0540 3772	TDTCP - ok
19:37:09.0540 3772	tdx - ok
19:37:09.0556 3772	TermDD - ok
19:37:09.0556 3772	terminpt - ok
19:37:09.0727 3772	truecrypt - ok
19:37:09.0837 3772	tssecsrv - ok
19:37:09.0852 3772	TsUsbFlt - ok
19:37:09.0868 3772	TsUsbGD - ok
19:37:09.0868 3772	tsusbhub - ok
19:37:09.0915 3772	tunnel - ok
19:37:09.0915 3772	uagp35 - ok
19:37:09.0915 3772	udfs - ok
19:37:09.0946 3772	uliagpkx - ok
19:37:10.0008 3772	UltraMonUtility - ok
19:37:10.0055 3772	umbus - ok
19:37:10.0086 3772	UmPass - ok
19:37:10.0195 3772	usbaudio - ok
19:37:10.0195 3772	usbccgp - ok
19:37:10.0227 3772	usbcir - ok
19:37:10.0227 3772	usbehci - ok
19:37:10.0242 3772	usbhub - ok
19:37:10.0242 3772	usbohci - ok
19:37:10.0258 3772	usbprint - ok
19:37:10.0258 3772	usbscan - ok
19:37:10.0273 3772	USBSTOR - ok
19:37:10.0273 3772	usbuhci - ok
19:37:10.0305 3772	vdrvroot - ok
19:37:10.0414 3772	vga - ok
19:37:10.0414 3772	VgaSave - ok
19:37:10.0414 3772	vhdmp - ok
19:37:10.0414 3772	viaide - ok
19:37:10.0429 3772	vmbus - ok
19:37:10.0429 3772	VMBusHID - ok
19:37:10.0429 3772	volmgr - ok
19:37:10.0429 3772	volmgrx - ok
19:37:10.0429 3772	volsnap - ok
19:37:10.0445 3772	vsmraid - ok
19:37:10.0461 3772	vwifibus - ok
19:37:10.0461 3772	WacomPen - ok
19:37:10.0492 3772	WANARP - ok
19:37:10.0523 3772	Wanarpv6 - ok
19:37:10.0539 3772	Wd - ok
19:37:10.0539 3772	Wdf01000 - ok
19:37:10.0570 3772	WfpLwf - ok
19:37:10.0585 3772	WIMMount - ok
19:37:10.0632 3772	WinUsb - ok
19:37:10.0632 3772	WmiAcpi - ok
19:37:10.0663 3772	ws2ifsl - ok
19:37:10.0679 3772	WudfPf - ok
19:37:10.0695 3772	WUDFRd - ok
19:37:11.0256 3772	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:37:11.0365 3772	\Device\Harddisk1\DR1 - ok
19:37:11.0428 3772	MBR (0x1B8)     (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk2\DR2
19:37:13.0284 3772	\Device\Harddisk2\DR2 - ok
19:37:13.0752 3772	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:37:13.0815 3772	\Device\Harddisk0\DR0 - ok
19:37:13.0830 3772	Boot (0x1200)   (80ff41b29e998da1e7e96de9dbdbaf36) \Device\Harddisk1\DR1\Partition0
19:37:13.0830 3772	\Device\Harddisk1\DR1\Partition0 - ok
19:37:13.0846 3772	Boot (0x1200)   (d1f24e8b482a7047034102035f745b17) \Device\Harddisk1\DR1\Partition1
19:37:13.0846 3772	\Device\Harddisk1\DR1\Partition1 - ok
19:37:13.0877 3772	Boot (0x1200)   (f76b444ffa8f2081053bfa5340e4e224) \Device\Harddisk2\DR2\Partition0
19:37:13.0893 3772	\Device\Harddisk2\DR2\Partition0 - ok
19:37:13.0908 3772	Boot (0x1200)   (80557a58baf5eb23d22b46900f1c3503) \Device\Harddisk0\DR0\Partition0
19:37:13.0908 3772	\Device\Harddisk0\DR0\Partition0 - ok
19:37:13.0924 3772	Boot (0x1200)   (bf31380b0e2a409387ce8dcc23e5c656) \Device\Harddisk0\DR0\Partition1
19:37:13.0924 3772	\Device\Harddisk0\DR0\Partition1 - ok
19:37:13.0924 3772	============================================================
19:37:13.0924 3772	Scan finished
19:37:13.0924 3772	============================================================
19:37:13.0939 3236	Detected object count: 0
19:37:13.0939 3236	Actual detected object count: 0
         
Vielen Dank.


Alt 16.03.2012, 18:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
--> BOO/TDss.M in Masterbootsektor

Alt 17.03.2012, 00:42   #7
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Hi, hier die Reports.

Malwarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Heckler :: HECKLER-PC [administrator]

Protection: Enabled

16.03.2012 19:46:48
mbam-log-2012-03-16 (19-46-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 392243
Time elapsed: 39 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\16.03.2012_18.49.48\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

(end)
         
ESET
Code:
ATTFilter
C:\TDSSKiller_Quarantine\16.03.2012_18.49.48\mbr0000\tdlfs0000\tsk0003.dta	Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\16.03.2012_18.49.48\mbr0000\tdlfs0000\tsk0004.dta	Win64/Olmarik.R trojan
C:\TDSSKiller_Quarantine\16.03.2012_18.49.48\mbr0000\tdlfs0000\tsk0005.dta	a variant of Win32/Olmarik.AXC trojan
C:\TDSSKiller_Quarantine\16.03.2012_18.49.48\mbr0000\tdlfs0000\tsk0007.dta	Win32/Olmarik.AVQ trojan
C:\TDSSKiller_Quarantine\16.03.2012_18.49.48\mbr0000\tdlfs0000\tsk0008.dta	Win64/Olmarik.Y trojan
C:\TDSSKiller_Quarantine\16.03.2012_19.33.05\tdlfs0000\tsk0003.dta	Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\16.03.2012_19.33.05\tdlfs0000\tsk0004.dta	Win64/Olmarik.R trojan
C:\TDSSKiller_Quarantine\16.03.2012_19.33.05\tdlfs0000\tsk0005.dta	Win32/Olmarik.AVQ trojan
C:\TDSSKiller_Quarantine\16.03.2012_19.33.05\tdlfs0000\tsk0006.dta	Win64/Olmarik.Y trojan
         

Alt 17.03.2012, 14:01   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.03.2012, 16:31   #9
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Hier die OTL.txt

Code:
ATTFilter
OTL logfile created on: 17.03.2012 17:09:47 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Heckler\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,45 Gb Available Physical Memory | 74,20% Memory free
12,00 Gb Paging File | 10,40 Gb Available in Paging File | 86,69% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 27,54 Gb Free Space | 18,48% Space Free | Partition Type: NTFS
 
Computer Name: HECKLER-PC | User Name: Heckler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.03.17 17:08:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Heckler\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.29 10:50:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.07 13:29:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.31 18:20:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.30 22:59:15 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.01 14:56:54 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
PRC - [2010.08.25 13:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe
PRC - [2010.03.18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.12.21 07:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe
PRC - [2009.03.13 02:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009.01.15 15:58:02 | 000,430,968 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006.11.17 16:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe
MOD - [2009.03.26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.03.13 02:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2006.02.22 14:47:44 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\zlib1.dll
MOD - [2006.02.22 14:47:16 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\libpng13.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.10 13:02:12 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.08.26 02:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.10 12:59:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.29 10:50:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.18 21:53:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.05.07 13:29:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.31 18:20:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.30 23:02:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.03.30 22:59:15 | 001,496,528 | ---- | M] (TrueCrypt Foundation) [Auto | Stopped] -- C:\Windows\SysWOW64\TrueCrypt.exe -- (TrueCryptSystemFavorites)
SRV - [2010.08.25 13:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.07 18:45:33 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011.06.29 10:50:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 10:50:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.03.30 22:59:15 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 02:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010.03.18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010.03.18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010.03.18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.03.18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.03.18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.03.18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.03.18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.03.18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2010.01.21 16:08:50 | 000,147,584 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ch64USB.sys -- (Ch64USB)
DRV:64bit: - [2010.01.21 16:07:44 | 000,149,632 | ---- | M] (ZF Electronics GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ch64PS2.sys -- (Ch64PS2) Cherry PS/2 Tastatur Treiber (CDI)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009.02.17 18:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.03.07 10:51:48 | 000,066,688 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ch64USBM.sys -- (Ch64USBM)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011.05.13 22:22:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.14 01:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 20 E6 3E 28 EF CB 01  [binary data]
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Heckler\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Heckler\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.14 17:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.15 00:24:12 | 000,000,000 | ---D | M]
 
[2011.12.14 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heckler\AppData\Roaming\Mozilla\Extensions
[2012.01.08 17:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heckler\AppData\Roaming\Mozilla\Firefox\Profiles\ksdlmmir.default\extensions
[2012.01.08 17:26:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Heckler\AppData\Roaming\Mozilla\Firefox\Profiles\ksdlmmir.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.14 17:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Speed Dial = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: AdBlock = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.0.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Hover Zoom = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\3.9_0\
 
O1 HOSTS File: ([2011.12.10 13:34:10 | 000,000,522 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3:64bit: - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [F.lux] C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [GizmoDriveDelegate] "M:\Apps\gizmo\gizmo.exe" /RemountStartupImages File not found
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Heckler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.181.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5715636-215F-411A-A6BE-F904F807A3DD}: DhcpNameServer = 192.168.181.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Heckler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Heckler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk -  - File not found
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: conhost - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: GizmoDriveDelegate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TrueCryptSystemFavorites - C:\Windows\SysWOW64\TrueCrypt.exe (TrueCrypt Foundation)
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: TrueCryptSystemFavorites - C:\Windows\SysWOW64\TrueCrypt.exe (TrueCrypt Foundation)
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {819C9C37-EA28-4974-1EC9-6EBD9D04E907} - Internet Explorer
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3C881BD-4ABE-703A-C81F-D69D2A483A4C} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {76E76665-BBAD-5C10-4D3B-2D9CD729797F} - Microsoft Windows Media Player 12.0
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6E6D93B-AE71-DE84-3F4D-F83D824CBC7F} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.17 17:08:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Heckler\Desktop\OTL.exe
[2012.03.16 21:19:11 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder (4)
[2012.03.16 18:51:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.16 18:42:57 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Heckler\Desktop\tdsskiller.exe
[2012.03.16 04:15:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Heckler\Desktop\dds.com
[2012.03.14 19:43:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.03.14 19:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.03.14 19:42:42 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.03.14 19:42:42 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.03.14 19:42:42 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.03.14 19:42:42 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.03.14 19:42:42 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.03.14 19:42:38 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.03.14 19:42:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.03.14 19:42:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.03.14 19:42:38 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.03.14 19:42:38 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.03.14 19:42:38 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.03.14 19:42:37 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.03.14 19:42:37 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.03.14 19:42:35 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.03.14 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.03.14 19:42:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.03.04 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\Heckler\AppData\Roaming\calibre
[2012.03.04 19:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012.03.04 19:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012.03.02 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder (3)
[2012.03.02 19:29:13 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder (2)
[2012.03.02 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder
[2012.03.01 14:23:59 | 000,000,000 | ---D | C] -- C:\Users\Heckler\AppData\Local\MediaMonkey
[2012.03.01 14:23:47 | 000,000,000 | ---D | C] -- C:\Users\Heckler\AppData\Roaming\MediaMonkey
[2012.03.01 14:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2012.03.01 14:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2012.02.29 19:43:23 | 000,000,000 | ---D | C] -- C:\11111
[2012.02.29 19:03:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Heckler\Desktop\HiJackThis204.exe
[2012.02.29 18:31:22 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Heckler\Desktop\procexp64.exe
[2012.02.27 23:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.02.27 23:08:19 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2012.02.27 23:08:18 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012.02.27 23:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.02.27 12:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.02.27 12:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 17:08:11 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 17:08:11 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 17:08:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Heckler\Desktop\OTL.exe
[2012.03.17 16:36:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1893283198-134746629-2419546519-1001UA.job
[2012.03.17 16:24:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.17 15:38:17 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000002-00001102-00000004-20021102}.CDF
[2012.03.17 15:37:45 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.17 15:36:41 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.17 15:36:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 15:36:21 | 535,662,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.17 02:34:21 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.16 23:17:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.16 23:17:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.16 21:21:59 | 001,620,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.16 21:21:59 | 000,699,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.16 21:21:59 | 000,654,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.16 21:21:59 | 000,148,748 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.16 21:21:59 | 000,121,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.16 19:33:45 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
[2012.03.16 18:43:25 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Heckler\Desktop\tdsskiller.exe
[2012.03.16 14:36:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1893283198-134746629-2419546519-1001Core.job
[2012.03.16 04:15:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Heckler\Desktop\dds.com
[2012.03.16 04:14:37 | 000,000,000 | ---- | M] () -- C:\Users\Heckler\defogger_reenable
[2012.03.16 04:13:47 | 000,050,477 | ---- | M] () -- C:\Users\Heckler\Desktop\Defogger.exe
[2012.03.16 01:59:37 | 001,798,716 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0014.JPG
[2012.03.16 01:59:26 | 001,778,512 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0013.JPG
[2012.03.16 01:57:51 | 001,793,678 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0011.JPG
[2012.03.16 01:57:46 | 001,768,994 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0012.JPG
[2012.03.16 01:57:44 | 001,880,915 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0006.JPG
[2012.03.16 01:57:25 | 001,825,938 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0007.JPG
[2012.03.16 01:57:14 | 001,819,848 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0010.JPG
[2012.03.16 01:57:11 | 001,832,865 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0009.JPG
[2012.03.14 23:43:57 | 000,000,050 | ---- | M] () -- C:\Windows\Winamp.ini
[2012.03.14 23:43:53 | 000,000,041 | ---- | M] () -- C:\Windows\winampa.ini
[2012.03.14 21:14:35 | 000,000,965 | ---- | M] () -- C:\Users\Heckler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.14 19:39:55 | 000,002,409 | ---- | M] () -- C:\Users\Heckler\Desktop\Google Chrome.lnk
[2012.03.04 19:50:26 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.03.04 15:12:32 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012.03.04 15:12:32 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012.03.01 21:48:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.01 14:23:47 | 000,000,657 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.02.29 19:03:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Heckler\Desktop\HiJackThis204.exe
[2012.02.29 18:31:22 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Heckler\Desktop\procexp64.exe
 
========== Files Created - No Company Name ==========
 
[2012.03.17 15:36:41 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.16 04:14:37 | 000,000,000 | ---- | C] () -- C:\Users\Heckler\defogger_reenable
[2012.03.16 04:13:58 | 000,050,477 | ---- | C] () -- C:\Users\Heckler\Desktop\Defogger.exe
[2012.03.16 01:59:15 | 001,798,716 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0014.JPG
[2012.03.16 01:59:13 | 001,778,512 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0013.JPG
[2012.03.16 01:57:22 | 001,825,938 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0007.JPG
[2012.03.16 01:57:19 | 001,880,915 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0006.JPG
[2012.03.16 01:57:17 | 001,768,994 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0012.JPG
[2012.03.16 01:57:14 | 001,793,678 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0011.JPG
[2012.03.16 01:57:11 | 001,819,848 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0010.JPG
[2012.03.16 01:57:08 | 001,832,865 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0009.JPG
[2012.03.14 23:43:57 | 000,000,050 | ---- | C] () -- C:\Windows\Winamp.ini
[2012.03.14 23:43:53 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2012.03.14 19:42:38 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.03.04 19:50:26 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.03.01 14:23:47 | 000,000,657 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.02.27 23:08:19 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.27 23:08:19 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2012.02.27 23:08:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.27 23:08:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.27 23:08:16 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.02.19 19:14:55 | 000,000,965 | ---- | C] () -- C:\Users\Heckler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.15 20:23:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.10.13 12:22:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.13 12:22:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.13 12:22:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.13 12:22:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.13 12:22:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.02 14:14:54 | 000,000,120 | ---- | C] () -- C:\Users\Heckler\AppData\Local\Bqolebici.dat
[2011.09.02 14:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Heckler\AppData\Local\Hyofezipaha.bin
[2011.08.10 15:29:46 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.20 21:12:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.07.01 22:58:34 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2011.06.06 21:44:55 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011.05.18 18:20:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.17 16:31:28 | 000,000,281 | ---- | C] () -- C:\Windows\game.ini
[2011.05.16 22:17:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.16 22:17:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.17 20:19:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.04.17 20:19:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.04.17 20:19:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.04.16 17:48:04 | 000,000,644 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.06 08:47:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~41869064r
[2011.04.06 08:47:15 | 000,000,384 | ---- | C] () -- C:\ProgramData\41869064
[2011.04.05 13:53:52 | 001,596,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.31 18:20:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.31 18:20:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.30 23:01:19 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.03.30 23:01:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.03.30 22:52:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.18 18:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.03.18 18:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.03.18 18:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010.03.18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.03.18 18:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010.03.18 18:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.03.18 18:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.03.18 17:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010.03.18 17:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010.03.18 17:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.03.18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
 
========== LOP Check ==========
 
[2011.08.09 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\abgx360
[2012.02.10 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Braid
[2012.03.05 00:07:08 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\calibre
[2011.03.31 15:48:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Cherry
[2011.03.31 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dev-Cpp
[2012.03.17 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dropbox
[2011.12.13 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoft
[2011.12.13 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.05 13:47:27 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Easy Image Modifier
[2011.04.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\FileZilla
[2011.12.06 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Foxit Software
[2011.08.07 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Gizmo
[2011.07.17 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\go
[2011.10.31 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\gtk-2.0
[2011.08.09 09:54:37 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ImgBurn
[2011.03.31 08:31:13 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\JAM Software
[2011.05.18 00:25:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\LolClient
[2012.03.17 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\MediaMonkey
[2011.03.31 08:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Miranda
[2011.04.05 13:45:31 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ObviousIdea
[2011.03.31 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\PunkBuster
[2011.03.31 07:55:05 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\QuickScan
[2011.08.07 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Recorder
[2012.02.07 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Trine2
[2011.04.01 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\TrueCrypt
[2012.01.26 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\XnView
[2012.03.17 15:36:41 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 06:08:49 | 000,031,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.09 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\abgx360
[2012.03.04 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Adobe
[2011.03.31 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Ahead
[2011.04.06 08:53:52 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Avira
[2012.02.10 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Braid
[2012.03.05 00:07:08 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\calibre
[2011.03.31 15:48:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Cherry
[2012.02.05 22:42:32 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Creative
[2011.03.31 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dev-Cpp
[2011.04.06 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DivX
[2012.03.17 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dropbox
[2012.03.04 16:48:45 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\dvdcss
[2011.12.13 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoft
[2011.12.13 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.05 13:47:27 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Easy Image Modifier
[2011.04.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\FileZilla
[2011.12.06 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Foxit Software
[2011.08.07 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Gizmo
[2011.07.17 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\go
[2011.05.13 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Google
[2011.10.31 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\gtk-2.0
[2011.03.30 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Identities
[2011.08.09 09:54:37 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ImgBurn
[2011.03.31 08:31:13 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\JAM Software
[2011.05.18 00:25:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\LolClient
[2011.03.31 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Macromedia
[2011.04.06 08:58:07 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Malwarebytes
[2010.11.21 07:28:37 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Media Center Programs
[2011.06.23 22:49:57 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Media Player Classic
[2012.03.17 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\MediaMonkey
[2012.01.30 16:18:10 | 000,000,000 | --SD | M] -- C:\Users\Heckler\AppData\Roaming\Microsoft
[2011.03.31 08:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Miranda
[2011.12.14 17:20:54 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Mozilla
[2011.04.05 13:45:31 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ObviousIdea
[2011.03.31 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\PunkBuster
[2011.03.31 07:55:05 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\QuickScan
[2011.03.31 08:29:05 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Realtime Soft
[2011.08.07 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Recorder
[2012.01.18 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Skype
[2011.06.04 23:00:23 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\skypePM
[2012.02.07 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Trine2
[2011.04.01 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\TrueCrypt
[2012.03.17 15:58:07 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\vlc
[2011.03.31 07:15:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\WinRAR
[2012.01.26 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2008.12.06 00:00:00 | 000,037,176 | ---- | M] () -- C:\Users\Heckler\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.14 17:41:40 | 008,111,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Heckler\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.02.24 16:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Heckler\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.04.06 08:57:36 | 007,622,112 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\saywhat.exe
[2012.02.12 17:33:03 | 001,490,553 | ---- | M] () -- C:\SystemCheck_deDE.exe
[2011.04.06 09:19:17 | 000,504,657 | ---- | M] () -- C:\unhide.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.10.30 20:35:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=0A8910F85D554ADB5C7F5B157FEE8622 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\ProgramData\Microsoft\Windows\RAI\32\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Users\All Users\Microsoft\Windows\RAI\32\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2011.10.30 20:35:22 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=D186BABDFAE7C0D93C9F6AE63957EE96 -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\ProgramData\Microsoft\Windows\RAI\64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Users\All Users\Microsoft\Windows\RAI\64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.08.14 10:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 17.03.2012, 16:33   #10
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Hier die OTL

Code:
ATTFilter
OTL logfile created on: 17.03.2012 17:09:47 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Heckler\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,45 Gb Available Physical Memory | 74,20% Memory free
12,00 Gb Paging File | 10,40 Gb Available in Paging File | 86,69% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 27,54 Gb Free Space | 18,48% Space Free | Partition Type: NTFS
 
Computer Name: HECKLER-PC | User Name: Heckler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.03.17 17:08:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Heckler\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.29 10:50:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.07 13:29:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.31 18:20:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.30 22:59:15 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.01 14:56:54 | 000,254,004 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
PRC - [2010.08.25 13:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe
PRC - [2010.03.18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.12.21 07:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe
PRC - [2009.03.13 02:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009.01.15 15:58:02 | 000,430,968 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2006.11.17 16:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe
MOD - [2009.03.26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.03.13 02:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2006.02.22 14:47:44 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\zlib1.dll
MOD - [2006.02.22 14:47:16 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Cherry\KeyMan\libpng13.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.10 13:02:12 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.08.26 02:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.10 12:59:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.29 10:50:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.18 21:53:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.05.07 13:29:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.31 18:20:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.30 23:02:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.03.30 22:59:15 | 001,496,528 | ---- | M] (TrueCrypt Foundation) [Auto | Stopped] -- C:\Windows\SysWOW64\TrueCrypt.exe -- (TrueCryptSystemFavorites)
SRV - [2010.08.25 13:09:24 | 000,577,582 | ---- | M] (ZF Electronics GmbH) [On_Demand | Running] -- C:\Program Files (x86)\Cherry\CDI\cdi.exe -- (Cherry Device Interface)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.07 18:45:33 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011.06.29 10:50:26 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 10:50:26 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.03.30 22:59:15 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 02:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010.03.18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010.03.18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010.03.18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.03.18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.03.18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.03.18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.03.18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.03.18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2010.01.21 16:08:50 | 000,147,584 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ch64USB.sys -- (Ch64USB)
DRV:64bit: - [2010.01.21 16:07:44 | 000,149,632 | ---- | M] (ZF Electronics GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ch64PS2.sys -- (Ch64PS2) Cherry PS/2 Tastatur Treiber (CDI)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009.02.17 18:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.03.07 10:51:48 | 000,066,688 | ---- | M] (Cherry GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ch64USBM.sys -- (Ch64USBM)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011.05.13 22:22:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.14 01:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 20 E6 3E 28 EF CB 01  [binary data]
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Heckler\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Heckler\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.14 17:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.15 00:24:12 | 000,000,000 | ---D | M]
 
[2011.12.14 17:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heckler\AppData\Roaming\Mozilla\Extensions
[2012.01.08 17:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heckler\AppData\Roaming\Mozilla\Firefox\Profiles\ksdlmmir.default\extensions
[2012.01.08 17:26:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Heckler\AppData\Roaming\Mozilla\Firefox\Profiles\ksdlmmir.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.14 17:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Heckler\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Speed Dial = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: AdBlock = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.0.3_0\
CHR - Extension: Google Mail-Checker = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Hover Zoom = C:\Users\Heckler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\3.9_0\
 
O1 HOSTS File: ([2011.12.10 13:34:10 | 000,000,522 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3:64bit: - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CherryKeyMan] C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe (ZF Electronics GmbH)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [F.lux] C:\Users\Heckler\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [GizmoDriveDelegate] "M:\Apps\gizmo\gizmo.exe" /RemountStartupImages File not found
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Heckler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.181.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5715636-215F-411A-A6BE-F904F807A3DD}: DhcpNameServer = 192.168.181.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Heckler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Heckler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk -  - File not found
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: conhost - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: FILSHtray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: GizmoDriveDelegate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TrueCryptSystemFavorites - C:\Windows\SysWOW64\TrueCrypt.exe (TrueCrypt Foundation)
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: TrueCryptSystemFavorites - C:\Windows\SysWOW64\TrueCrypt.exe (TrueCrypt Foundation)
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {819C9C37-EA28-4974-1EC9-6EBD9D04E907} - Internet Explorer
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3C881BD-4ABE-703A-C81F-D69D2A483A4C} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {76E76665-BBAD-5C10-4D3B-2D9CD729797F} - Microsoft Windows Media Player 12.0
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A6E6D93B-AE71-DE84-3F4D-F83D824CBC7F} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.17 17:08:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Heckler\Desktop\OTL.exe
[2012.03.16 21:19:11 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder (4)
[2012.03.16 18:51:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.16 18:42:57 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Heckler\Desktop\tdsskiller.exe
[2012.03.16 04:15:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Heckler\Desktop\dds.com
[2012.03.14 19:43:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.03.14 19:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.03.14 19:42:42 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.03.14 19:42:42 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.03.14 19:42:42 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.03.14 19:42:42 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.03.14 19:42:42 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.03.14 19:42:38 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.03.14 19:42:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.03.14 19:42:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.03.14 19:42:38 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.03.14 19:42:38 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.03.14 19:42:38 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.03.14 19:42:37 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.03.14 19:42:37 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.03.14 19:42:35 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.03.14 19:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.03.14 19:42:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.03.04 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\Heckler\AppData\Roaming\calibre
[2012.03.04 19:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012.03.04 19:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012.03.02 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder (3)
[2012.03.02 19:29:13 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder (2)
[2012.03.02 18:37:45 | 000,000,000 | ---D | C] -- C:\Users\Heckler\Desktop\New folder
[2012.03.01 14:23:59 | 000,000,000 | ---D | C] -- C:\Users\Heckler\AppData\Local\MediaMonkey
[2012.03.01 14:23:47 | 000,000,000 | ---D | C] -- C:\Users\Heckler\AppData\Roaming\MediaMonkey
[2012.03.01 14:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2012.03.01 14:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2012.02.29 19:43:23 | 000,000,000 | ---D | C] -- C:\11111
[2012.02.29 19:03:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Heckler\Desktop\HiJackThis204.exe
[2012.02.29 18:31:22 | 001,079,112 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Heckler\Desktop\procexp64.exe
[2012.02.27 23:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.02.27 23:08:19 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2012.02.27 23:08:18 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012.02.27 23:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.02.27 12:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.02.27 12:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 17:08:11 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 17:08:11 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 17:08:01 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Heckler\Desktop\OTL.exe
[2012.03.17 16:36:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1893283198-134746629-2419546519-1001UA.job
[2012.03.17 16:24:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.17 15:38:17 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000002-00001102-00000004-20021102}.CDF
[2012.03.17 15:37:45 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.17 15:36:41 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.17 15:36:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 15:36:21 | 535,662,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.17 02:34:21 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.17 02:34:21 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.16 23:17:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.16 23:17:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.16 21:21:59 | 001,620,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.16 21:21:59 | 000,699,952 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.16 21:21:59 | 000,654,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.16 21:21:59 | 000,148,748 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.16 21:21:59 | 000,121,536 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.16 19:33:45 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
[2012.03.16 18:43:25 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Heckler\Desktop\tdsskiller.exe
[2012.03.16 14:36:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1893283198-134746629-2419546519-1001Core.job
[2012.03.16 04:15:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Heckler\Desktop\dds.com
[2012.03.16 04:14:37 | 000,000,000 | ---- | M] () -- C:\Users\Heckler\defogger_reenable
[2012.03.16 04:13:47 | 000,050,477 | ---- | M] () -- C:\Users\Heckler\Desktop\Defogger.exe
[2012.03.16 01:59:37 | 001,798,716 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0014.JPG
[2012.03.16 01:59:26 | 001,778,512 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0013.JPG
[2012.03.16 01:57:51 | 001,793,678 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0011.JPG
[2012.03.16 01:57:46 | 001,768,994 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0012.JPG
[2012.03.16 01:57:44 | 001,880,915 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0006.JPG
[2012.03.16 01:57:25 | 001,825,938 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0007.JPG
[2012.03.16 01:57:14 | 001,819,848 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0010.JPG
[2012.03.16 01:57:11 | 001,832,865 | ---- | M] () -- C:\Users\Heckler\Desktop\IMG_0009.JPG
[2012.03.14 23:43:57 | 000,000,050 | ---- | M] () -- C:\Windows\Winamp.ini
[2012.03.14 23:43:53 | 000,000,041 | ---- | M] () -- C:\Windows\winampa.ini
[2012.03.14 21:14:35 | 000,000,965 | ---- | M] () -- C:\Users\Heckler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.14 19:39:55 | 000,002,409 | ---- | M] () -- C:\Users\Heckler\Desktop\Google Chrome.lnk
[2012.03.04 19:50:26 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.03.04 15:12:32 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012.03.04 15:12:32 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012.03.01 21:48:15 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.01 14:23:47 | 000,000,657 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.02.29 19:03:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Heckler\Desktop\HiJackThis204.exe
[2012.02.29 18:31:22 | 001,079,112 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Heckler\Desktop\procexp64.exe
 
========== Files Created - No Company Name ==========
 
[2012.03.17 15:36:41 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.16 04:14:37 | 000,000,000 | ---- | C] () -- C:\Users\Heckler\defogger_reenable
[2012.03.16 04:13:58 | 000,050,477 | ---- | C] () -- C:\Users\Heckler\Desktop\Defogger.exe
[2012.03.16 01:59:15 | 001,798,716 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0014.JPG
[2012.03.16 01:59:13 | 001,778,512 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0013.JPG
[2012.03.16 01:57:22 | 001,825,938 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0007.JPG
[2012.03.16 01:57:19 | 001,880,915 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0006.JPG
[2012.03.16 01:57:17 | 001,768,994 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0012.JPG
[2012.03.16 01:57:14 | 001,793,678 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0011.JPG
[2012.03.16 01:57:11 | 001,819,848 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0010.JPG
[2012.03.16 01:57:08 | 001,832,865 | ---- | C] () -- C:\Users\Heckler\Desktop\IMG_0009.JPG
[2012.03.14 23:43:57 | 000,000,050 | ---- | C] () -- C:\Windows\Winamp.ini
[2012.03.14 23:43:53 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2012.03.14 19:42:38 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.03.04 19:50:26 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.03.01 14:23:47 | 000,000,657 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012.02.27 23:08:19 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.27 23:08:19 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2012.02.27 23:08:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.02.27 23:08:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.27 23:08:16 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.02.19 19:14:55 | 000,000,965 | ---- | C] () -- C:\Users\Heckler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.15 20:23:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.10.13 12:22:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.13 12:22:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.13 12:22:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.13 12:22:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.13 12:22:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.02 14:14:54 | 000,000,120 | ---- | C] () -- C:\Users\Heckler\AppData\Local\Bqolebici.dat
[2011.09.02 14:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Heckler\AppData\Local\Hyofezipaha.bin
[2011.08.10 15:29:46 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.20 21:12:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.07.01 22:58:34 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2011.06.06 21:44:55 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011.05.18 18:20:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.05.17 16:31:28 | 000,000,281 | ---- | C] () -- C:\Windows\game.ini
[2011.05.16 22:17:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.16 22:17:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.17 20:19:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.04.17 20:19:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.04.17 20:19:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.04.16 17:48:04 | 000,000,644 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.06 08:47:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~41869064r
[2011.04.06 08:47:15 | 000,000,384 | ---- | C] () -- C:\ProgramData\41869064
[2011.04.05 13:53:52 | 001,596,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.31 18:20:21 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.31 18:20:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.30 23:01:19 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.03.30 23:01:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.03.30 22:52:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.18 18:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.03.18 18:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.03.18 18:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010.03.18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.03.18 18:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010.03.18 18:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.03.18 18:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.03.18 17:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010.03.18 17:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010.03.18 17:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.03.18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
 
========== LOP Check ==========
 
[2011.08.09 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\abgx360
[2012.02.10 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Braid
[2012.03.05 00:07:08 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\calibre
[2011.03.31 15:48:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Cherry
[2011.03.31 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dev-Cpp
[2012.03.17 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dropbox
[2011.12.13 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoft
[2011.12.13 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.05 13:47:27 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Easy Image Modifier
[2011.04.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\FileZilla
[2011.12.06 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Foxit Software
[2011.08.07 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Gizmo
[2011.07.17 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\go
[2011.10.31 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\gtk-2.0
[2011.08.09 09:54:37 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ImgBurn
[2011.03.31 08:31:13 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\JAM Software
[2011.05.18 00:25:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\LolClient
[2012.03.17 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\MediaMonkey
[2011.03.31 08:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Miranda
[2011.04.05 13:45:31 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ObviousIdea
[2011.03.31 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\PunkBuster
[2011.03.31 07:55:05 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\QuickScan
[2011.08.07 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Recorder
[2012.02.07 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Trine2
[2011.04.01 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\TrueCrypt
[2012.01.26 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\XnView
[2012.03.17 15:36:41 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 06:08:49 | 000,031,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.09 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\abgx360
[2012.03.04 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Adobe
[2011.03.31 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Ahead
[2011.04.06 08:53:52 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Avira
[2012.02.10 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Braid
[2012.03.05 00:07:08 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\calibre
[2011.03.31 15:48:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Cherry
[2012.02.05 22:42:32 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Creative
[2011.03.31 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dev-Cpp
[2011.04.06 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DivX
[2012.03.17 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Dropbox
[2012.03.04 16:48:45 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\dvdcss
[2011.12.13 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoft
[2011.12.13 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.05 13:47:27 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Easy Image Modifier
[2011.04.04 16:50:38 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\FileZilla
[2011.12.06 11:42:24 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Foxit Software
[2011.08.07 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Gizmo
[2011.07.17 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\go
[2011.05.13 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Google
[2011.10.31 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\gtk-2.0
[2011.03.30 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Identities
[2011.08.09 09:54:37 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ImgBurn
[2011.03.31 08:31:13 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\JAM Software
[2011.05.18 00:25:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\LolClient
[2011.03.31 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Macromedia
[2011.04.06 08:58:07 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Malwarebytes
[2010.11.21 07:28:37 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Media Center Programs
[2011.06.23 22:49:57 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Media Player Classic
[2012.03.17 17:09:25 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\MediaMonkey
[2012.01.30 16:18:10 | 000,000,000 | --SD | M] -- C:\Users\Heckler\AppData\Roaming\Microsoft
[2011.03.31 08:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Miranda
[2011.12.14 17:20:54 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Mozilla
[2011.04.05 13:45:31 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\ObviousIdea
[2011.03.31 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\PunkBuster
[2011.03.31 07:55:05 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\QuickScan
[2011.03.31 08:29:05 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Realtime Soft
[2011.08.07 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Recorder
[2012.01.18 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Skype
[2011.06.04 23:00:23 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\skypePM
[2012.02.07 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\Trine2
[2011.04.01 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\TrueCrypt
[2012.03.17 15:58:07 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\vlc
[2011.03.31 07:15:56 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\WinRAR
[2012.01.26 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Heckler\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heckler\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2008.12.06 00:00:00 | 000,037,176 | ---- | M] () -- C:\Users\Heckler\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.12.14 17:41:40 | 008,111,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Heckler\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.02.24 16:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Heckler\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.04.06 08:57:36 | 007,622,112 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\saywhat.exe
[2012.02.12 17:33:03 | 001,490,553 | ---- | M] () -- C:\SystemCheck_deDE.exe
[2011.04.06 09:19:17 | 000,504,657 | ---- | M] () -- C:\unhide.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.10.30 20:35:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=0A8910F85D554ADB5C7F5B157FEE8622 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\ProgramData\Microsoft\Windows\RAI\32\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Users\All Users\Microsoft\Windows\RAI\32\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2011.10.30 20:35:22 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=D186BABDFAE7C0D93C9F6AE63957EE96 -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\ProgramData\Microsoft\Windows\RAI\64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Users\All Users\Microsoft\Windows\RAI\64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.08.14 10:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 19.03.2012, 14:15   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 20 E6 3E 28 EF CB 01  [binary data]
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55151
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001..\Run: [GizmoDriveDelegate] "M:\Apps\gizmo\gizmo.exe" /RemountStartupImages File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2011.04.06 08:47:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~41869064r
[2011.04.06 08:47:15 | 000,000,384 | ---- | C] () -- C:\ProgramData\41869064
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.03.2012, 16:12   #12
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Hi. Hier die OTL

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll moved successfully.
File C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll not found.
File C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GizmoDriveDelegate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1893283198-134746629-2419546519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
C:\ProgramData\~41869064r moved successfully.
C:\ProgramData\41869064 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Heckler
->Temp folder emptied: 2501355724 bytes
->Temporary Internet Files folder emptied: 386396194 bytes
->Java cache emptied: 73990 bytes
->FireFox cache emptied: 110458687 bytes
->Google Chrome cache emptied: 219177033 bytes
->Flash cache emptied: 8185061 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104032861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.175,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03192012_170519

Files\Folders moved on Reboot...
File move failed. C:\Users\Heckler\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Heckler\AppData\Local\Temp\~DFCB61F3C40FC2B2BA.TMP moved successfully.

Registry entries deleted on Reboot...
         

Alt 19.03.2012, 16:59   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.03.2012, 17:59   #14
SirusV
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Hi. Hier ist die log.txt als Anhang, da zu groß.

Alt 19.03.2012, 18:02   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BOO/TDss.M in Masterbootsektor - Standard

BOO/TDss.M in Masterbootsektor



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu BOO/TDss.M in Masterbootsektor
4d36e972-e325-11ce-bfc1-08002be10318, acrobat update, ad-aware, antivir, antivir guard, avira, bonjour, browser, converter, cpu, desktop, device driver, error, failed, firefox, flash player, google, google earth, hängen, maus, mozilla, mp3, preferences, problem, realtek, software, svchost.exe, tastatur, third party, usb, visual studio, windows



Ähnliche Themen: BOO/TDss.M in Masterbootsektor


  1. Virus 'BOO/TDss.O' im Masterbootsektor
    Log-Analyse und Auswertung - 08.09.2014 (24)
  2. Windows 7: Virus 'BOO/TDss.O' im Masterbootsektor
    Log-Analyse und Auswertung - 08.05.2014 (33)
  3. BOO/TDss.M im Masterbootsektor/HD0 entdeckt
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (3)
  4. BOO/TDss.O im Masterbootsektor
    Log-Analyse und Auswertung - 17.04.2014 (11)
  5. Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden
    Log-Analyse und Auswertung - 22.01.2014 (23)
  6. BOO /TDss.O im Masterbootsektor gefunden nach Installation von Windows 7 auf einer zweiten internen Festplatte
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (33)
  7. Windows 7: BOO/TDss.O in Masterbootsektor nach Formatierung
    Log-Analyse und Auswertung - 17.11.2013 (6)
  8. BOO/TDss.m Masterbootsektor verseucht! versuch zu bereinigen gescheitert
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (27)
  9. BOO/TDss.M im Masterbootsektor gefunden.(Antivir) Auch nach Systemrücksetzung mit Samsung Recovery
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (36)
  10. Malware "B00/TDss.M" auf Masterbootsektor HD0/Laufwerk C + D
    Plagegeister aller Art und deren Bekämpfung - 25.10.2011 (31)
  11. Dringend Hilfe gesucht!! Virus "BOO/TDss.D" auf dem Bootsektor, Masterbootsektor HD0
    Log-Analyse und Auswertung - 11.10.2011 (1)
  12. Masterbootsektor HD0 Virus BOO/TDss.D
    Plagegeister aller Art und deren Bekämpfung - 24.09.2011 (35)
  13. BOO/TDss.M im Masterbootsektor/HD0 entdeckt
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (27)
  14. Virus "BOO/TDss.m" im Masterbootsektor HD0
    Log-Analyse und Auswertung - 27.05.2011 (16)
  15. BOO/TDss.M im Masterbootsektor gefunden - wie entfernen?
    Log-Analyse und Auswertung - 20.05.2011 (26)
  16. Masterbootsektor mit BOO/TDss.M vereucht
    Plagegeister aller Art und deren Bekämpfung - 05.05.2011 (32)
  17. 'Masterbootsektor HD0'' BOO/TDss.M' [virus].Laptop lässt sich nicht herunterfahren!
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (15)

Zum Thema BOO/TDss.M in Masterbootsektor - Hallo zusammen. So wie es aussieht benötige ich Hilfe. Bei jedem Systemstart wird mir von antivir ein BOO/TDss.M im Masterbootsektor angezeigt. Antivir und Malwarebytes habe ich durchlaufen lassen, aber sie - BOO/TDss.M in Masterbootsektor...
Archiv
Du betrachtest: BOO/TDss.M in Masterbootsektor auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.