Trojaner-Board

BKA trojan, ukash (https://www.trojaner-board.de/108222-bka-trojaner-ukash.html)

leojadroe 17.01.2012 18:19

BKA trojan, ukash
 
Hello,

I have now also been infected by the BKA trojan, which seems to be very common at the moment.
Having looked into the subject, it doesn't surprise me, because so far I haven't done much about virus protection.

When the virus appeared I read up briefly and simply performed a system restore from safe mode.

That fixed the problem, but not the cause. I then ran a check with Malwarebytes and ESET, and quite a bit was found.
I had never run a scan with Malwarebytes before, so this is the only log. I also deleted the viruses with Malwarebytes; I hope that wasn't a mistake.
Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
leon :: LEON-PC [Administrator]

17.01.2012 13:57:29
mbam-log-2012-01-17 (13-57-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478146
Laufzeit: 1 Stunde(n), 27 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3a9fcf3b-7751dba7 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.3598520040292984.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5324901587758533.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5594577602595693.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.6317527163818346.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.691575840140897.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=78f9628f4f3f664398b5bc9b02a2a5ab
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-17 02:49:32
# local_time=2012-01-17 03:49:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 262301 101708319 319747 0
# compatibility_mode=5892 16776573 100 56 4255 164335661 0 0
# compatibility_mode=8192 67108863 100 0 4048 4048 0 0
# scanned=84
# found=0
# cleaned=0
# scan_time=17
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=78f9628f4f3f664398b5bc9b02a2a5ab
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-17 04:26:30
# local_time=2012-01-17 05:26:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 262337 101708355 319783 0
# compatibility_mode=5892 16776573 100 56 4291 164335697 0 0
# compatibility_mode=8192 67108863 100 0 4084 4084 0 0
# scanned=334329
# found=14
# cleaned=0
# scan_time=5799
C:\Users\leon\AppData\Local\Temp\jar_cache5993408437794125822.tmp        Java/Exploit.CVE-2011-3544.U trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\Local\Temp\jar_cache6841442664753669831.tmp        Java/Exploit.CVE-2010-0840.AG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\Local\Temp\SetupDataMngr_iMesh.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\78864d5d-51231ee2        Java/Agent.DU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7e7c695f-76b07f25        Java/Agent.DS trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6447b881        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-651c7868        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6821afc0        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6b21fd08        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7c8a5794        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7dd6becb        a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1e80933c-179f759e        a variant of Win32/Kryptik.TON trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\20ac123c-69ccc47a        Java/Exploit.CVE-2011-3544.Y trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\leon\Downloads\SweetImSetup.exe        a variant of Win32/SweetIM.B application (unable to clean)        00000000000000000000000000000000        I

Thanks in advance for the effort,

Regards
Leon
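The two logs above use different layouts: Malwarebytes lists each hit as `path (detection) -> action`, while the ESET Online Scanner emits tab-separated result lines (`path`, `detection (status)`, hash, flag). The following Python script is an added example, not part of leojadroe's post or of either scanner's tooling; it parses both formats, buckets each hit by where it sits on disk (Java deployment cache, `%TEMP%` dropper, unwanted toolbar) and collects the CVE identifiers from the detection names. The sample lines are a subset copied from the logs in this thread; the bucket names and the classification heuristics are assumptions made for this example.

```python
"""Triage helper for Malwarebytes and ESET Online Scanner log lines (added example)."""
import re
from collections import Counter

# Sample input: a subset of the lines posted in this thread (constructed subset,
# ESET fields joined with tabs as in the real file).
MBAM_SAMPLE = r"""Infizierte Dateien: 3
C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3a9fcf3b-7751dba7 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.3598520040292984.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\leon\AppData\Local\Temp\0.5324901587758533.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

ESET_SAMPLE = "\n".join([
    "# found=4",
    "\t".join([r"C:\Users\leon\AppData\Local\Temp\jar_cache5993408437794125822.tmp",
               "Java/Exploit.CVE-2011-3544.U trojan (unable to clean)",
               "00000000000000000000000000000000", "I"]),
    "\t".join([r"C:\Users\leon\AppData\Local\Temp\SetupDataMngr_iMesh.exe",
               "a variant of Win32/Toolbar.SearchSuite application (unable to clean)",
               "00000000000000000000000000000000", "I"]),
    "\t".join([r"C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6447b881",
               "a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean)",
               "00000000000000000000000000000000", "I"]),
    "\t".join([r"C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1e80933c-179f759e",
               "a variant of Win32/Kryptik.TON trojan (unable to clean)",
               "00000000000000000000000000000000", "I"]),
])

MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
ESET_STATUS = re.compile(r"\s*\(([^)]*)\)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Java deployment cache entries and jar_cache*.tmp files are cached applets, i.e.
# traces of a drive-by attempt through the browser's Java plugin.
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\|\\jar_cache\d+\.tmp$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_mbam(text):
    """Return one dict per 'path (detection) -> action' line in a Malwarebytes log."""
    findings = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            findings.append({"scanner": "mbam", "path": m["path"],
                             "detection": m["detection"], "status": m["action"]})
    return findings


def parse_eset(text):
    """Return one dict per result line in an ESET Online Scanner log."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):      # '# key=value' header lines
            continue
        fields = re.split(r"\t+| {2,}", line.strip())     # tabs, or runs of spaces after copy/paste
        if len(fields) < 2:
            continue
        status = ESET_STATUS.search(fields[1])
        findings.append({"scanner": "eset", "path": fields[0],
                         "detection": ESET_STATUS.sub("", fields[1]),
                         "status": status.group(1) if status else "unknown"})
    return findings


def classify(path, detection):
    """Heuristic triage bucket (labels are this example's own, not a scanner taxonomy)."""
    if JAVA_CACHE.search(path):
        return "java-cache"        # cached exploit applet: points at an outdated Java plugin
    if detection.endswith("application") or "Toolbar" in detection or "SweetIM" in detection:
        return "pup"               # unwanted program, unrelated to the lock screen itself
    if TEMP_DIR.search(path) and ("Drop" in detection or detection.endswith("trojan")):
        return "dropped-payload"   # executable written to %TEMP%, the usual dropper location
    return "other"


def summarize(findings):
    """Count findings per bucket and list every CVE named in a detection string."""
    buckets = Counter(classify(f["path"], f["detection"]) for f in findings)
    cves = sorted({c for f in findings for c in CVE_RE.findall(f["detection"])})
    return {"total": len(findings), "buckets": dict(buckets), "cves": cves}


if __name__ == "__main__":
    report = summarize(parse_mbam(MBAM_SAMPLE) + parse_eset(ESET_SAMPLE))
    print(report)
    if report["cves"] or report["buckets"].get("java-cache"):
        print("Java exploit artefacts present: check the installed Java plugin version.")
```

Run as-is it reads the embedded samples; pointing `parse_mbam`/`parse_eset` at the full log files gives the same summary for the whole thread. The `java-cache` bucket is the useful signal here: cached applets detected as `Java/Exploit.CVE-2010-0840`, `CVE-2010-4452` and `CVE-2011-3544` mean the browser's Java plugin ran exploit code, and the OTL log later in the thread indeed shows Java Plug-in 1.6.0_13 registered, a release that predates all three fixes. The `unable to clean` status on the ESET lines is expected, since that scan was run with `remove_checked=false`.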

cosinus 18.01.2012 20:37

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs of every scan are listed in the "Logdateien" (log files) tab as well. Please post all of the ones visible there.

leojadroe 18.01.2012 23:10

Hello,

no, that was the first time I used Malwarebytes; the log above is the only one in that tab.

Regards

cosinus 19.01.2012 10:17

Please make a new OTL log. Wherever possible, post everything here in CODE tags.

Done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


leojadroe 19.01.2012 15:59

Here is the OTL log

Code:

OTL logfile created on: 19.01.2012 15:37:23 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\leon\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,73% Memory free
8,21 Gb Paging File | 6,73 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 623,89 Gb Total Space | 351,39 Gb Free Space | 56,32% Space Free | Partition Type: NTFS
Drive I: | 244,14 Gb Total Space | 243,95 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive M: | 48,83 Gb Total Space | 47,51 Gb Free Space | 97,31% Space Free | Partition Type: NTFS
 
Computer Name: LEON-PC | User Name: leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.19 15:33:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\leon\Downloads\OTL.exe
PRC - [2011.08.10 17:40:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.08.10 17:40:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.03 18:39:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.04 17:21:17 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.03.09 04:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- M:\Java\bin\jucheck.exe
PRC - [2009.03.09 04:19:17 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- M:\Java\bin\jusched.exe
PRC - [2008.07.07 15:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2007.09.10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.01.21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- M:\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.08.10 17:40:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.10 17:40:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 17:21:17 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.17 01:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2008.10.21 13:00:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2007.09.10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.10 17:40:31 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.10 17:40:31 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.07.27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2010.06.10 00:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008.10.17 10:00:00 | 000,179,768 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt)
DRV:64bit: - [2008.10.17 10:00:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2008.04.16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011.10.06 12:53:12 | 000,040,672 | ---- | M] (Hitachi Semiconductor and Devices Sales Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CESG502.SYS -- (PVUSB)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] () [Kernel | System | Running] -- M:\\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] () [Kernel | System | Running] -- M:\\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2008.07.16 13:56:06 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2005.01.03 07:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: M:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Firefox\components [2012.01.08 19:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Firefox\plugins [2011.12.08 15:58:48 | 000,000,000 | ---D | M]
 
[2009.01.05 18:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leon\AppData\Roaming\mozilla\Extensions
[2012.01.07 23:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions
[2009.08.31 22:11:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.12 18:53:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.08.28 13:33:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.07 23:21:35 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\leon\AppData\Roaming\mozilla\Firefox\Profiles\vyggxc4n.default\extensions\support@predictad.com
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2010.04.27 13:28:05 | 000,000,987 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - M:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [SunJavaUpdateSched] M:\Java\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SUPERAntiSpyware] M:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAD1B8C9-3501-4D91-BB57-F98241E200E8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\leon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\leon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\Shell\AutoRun\command - "" = J:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Iolo Macro Magic.lnk - C:\PROGRA~2\Iolo\MACROM~1\Macros.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - M:\openoffice\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: CurseClient - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - M:\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - M:\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.divxa32 - DivXa32.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.17 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{A9BBAE0F-C4CF-4BD6-917C-7F163358C3DA}
[2012.01.17 18:11:45 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{00D7E8ED-4324-42AD-AC0B-6D06D6C047BF}
[2012.01.17 15:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.17 15:41:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\leon\Desktop\esetsmartinstaller_enu.exe
[2012.01.17 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.17 15:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.17 15:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.17 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Roaming\Malwarebytes
[2012.01.17 13:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.17 13:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.17 13:55:32 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.17 13:55:32 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012.01.16 21:34:32 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{6457B732-3402-4177-963B-F7647278C1C1}
[2012.01.16 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{D7A590AF-24C4-419A-8096-90678E10CF4F}
[2012.01.15 14:46:44 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{E1056E67-26D6-4079-B4DF-4680E27F7CC5}
[2012.01.15 14:46:43 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{72E802B2-AD1D-4F56-878B-2D51A4763C20}
[2012.01.14 15:59:24 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{00620D53-4F2E-43B9-A09D-908E1878947C}
[2012.01.14 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{9E7AB179-84BE-4AC0-8061-42C59E0C35DD}
[2012.01.13 21:59:32 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{38D09863-AD53-40F9-A290-316F37A22587}
[2012.01.13 21:59:29 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{D2A735BC-D4A4-45AE-8294-F2602BA403B1}
[2012.01.12 16:06:31 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{B6FC55D3-2CB2-4829-9E03-23BA90E8AC81}
[2012.01.12 16:06:29 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{6ED014EC-AF32-42B0-B3E8-02C5989AFC12}
[2012.01.11 21:36:23 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{CA07D67B-35EF-4EAD-BAF7-7662394FC966}
[2012.01.11 21:36:22 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{FBE98FE7-E288-49EF-AA12-4B10DC5B2153}
[2012.01.10 13:44:06 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{BDE5858F-6D30-452E-A8BF-E953F1A4A9E4}
[2012.01.10 13:44:05 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{20114FE2-D195-4983-A238-82028F890BDB}
[2012.01.09 20:35:23 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{FA7DD910-ED07-4570-9190-408F6E5AE415}
[2012.01.09 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{01ED3C02-77B2-4D0E-B9D5-7F7DFA34BB82}
[2012.01.08 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{DA4B7037-17AA-4B33-B3CC-EF06627DE409}
[2012.01.08 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{85D32734-5F32-4904-9A1A-E51171E343A2}
[2012.01.07 23:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2012.01.07 12:21:10 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{8F971144-EC72-41AB-967B-F937086EF683}
[2012.01.07 12:21:09 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{63AA0E16-7959-4D2C-91BC-6308E198F6DD}
[2012.01.06 20:14:27 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{7FD660EE-61F3-4F26-BA95-108B005BCC45}
[2012.01.06 20:14:25 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{58B03D49-03D4-490F-911B-0BE70C25DFCC}
[2012.01.05 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{28263EFA-6E91-44C6-B22D-29C45B5674D4}
[2012.01.05 16:31:34 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{F842BFEF-88C6-404A-85F6-851756EE56A8}
[2012.01.04 21:36:00 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{E5895A2C-3AED-421D-9B74-31562219DADC}
[2012.01.04 21:35:58 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{A33D24E0-03A5-45F3-B353-FDEB2412A48F}
[2012.01.03 15:35:12 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{03C1D324-AEFA-478E-8998-93CB9A592611}
[2012.01.03 15:35:11 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{52A8F511-45E3-431C-BA3C-95B47F40F612}
[2012.01.02 21:25:26 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{A0DAD41F-98B9-410B-8817-C3B4CD56CAAC}
[2012.01.02 21:25:24 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{AD435F79-E78F-4162-97E5-C0D0B5CD8A2A}
[2012.01.01 16:41:22 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{06C9D5A7-944A-4753-9237-35F82262BC2A}
[2012.01.01 16:41:19 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{214318B9-773A-4C25-A9B3-C5D7CB17F26A}
[2011.12.31 14:57:33 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{6C8951DA-0E39-401A-BAAA-221943182F37}
[2011.12.31 14:57:32 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{14C3FCC4-86ED-49A0-8311-221498620D9F}
[2011.12.30 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\leon\Desktop\Neuer Ordner (2)
[2011.12.30 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{F85A8F06-0C42-4474-91EF-FF71C55CB132}
[2011.12.30 14:55:30 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{58C65D32-7A77-45B2-8A2A-39F5A79559CE}
[2011.12.22 11:21:20 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{FD1E03CF-A038-458B-8DD9-7647875C48EE}
[2011.12.22 11:21:18 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{33C84E4F-FDDB-4620-B4C5-B8705089A04D}
[2011.12.21 16:09:38 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{CDBF2151-5AC3-44B7-BA4C-63551E842D20}
[2011.12.21 16:09:37 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{69E463B5-6C80-412C-8B0E-A0CF7997FA6A}
[2011.12.21 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{14184F0B-5F86-40C7-9B55-A6848195DC53}
[2011.12.21 00:54:13 | 000,000,000 | ---D | C] -- C:\Users\leon\AppData\Local\{11A18BD6-2A73-4146-B3CF-85DCA5D0EA4F}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\leon\*.tmp files -> C:\Users\leon\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.19 15:40:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.19 15:30:39 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.19 15:30:39 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.19 15:30:39 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.19 15:30:39 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.19 15:30:39 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.19 15:27:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.19 15:24:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.01.19 15:24:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2012.01.19 15:24:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 15:24:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 15:23:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 15:23:52 | 4293,120,000 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 15:41:44 | 002,322,184 | ---- | M] (ESET) -- C:\Users\leon\Desktop\esetsmartinstaller_enu.exe
[2012.01.17 15:26:56 | 000,000,307 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.09 23:24:21 | 000,000,959 | ---- | M] () -- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.09 20:35:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.12.30 15:33:53 | 000,066,048 | ---- | M] () -- C:\Users\leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\leon\*.tmp files -> C:\Users\leon\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.17 15:26:56 | 000,000,307 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.17 13:43:09 | 4293,120,000 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.09 23:24:21 | 000,000,959 | ---- | C] () -- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.15 19:19:16 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.10.06 12:54:11 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\tcdl2.dll
[2011.10.06 12:54:11 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\ctsn32.dll
[2011.09.18 15:02:10 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010.07.27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.07.27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010.07.27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.07.25 16:45:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.01.04 17:21:25 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.01.04 17:21:17 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.01.02 20:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\scummvm.ini
[2009.12.03 14:27:30 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 14:27:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.12.03 14:26:44 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.11.27 16:51:20 | 000,000,680 | ---- | C] () -- C:\Users\leon\AppData\Local\d3d9caps.dat
[2009.04.12 01:45:03 | 000,000,552 | ---- | C] () -- C:\Users\leon\AppData\Local\d3d8caps.dat
[2009.03.29 20:05:38 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2009.02.08 15:10:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009.02.08 15:10:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009.02.08 15:10:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009.01.06 23:22:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.01.06 15:36:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.05 21:36:30 | 000,024,226 | ---- | C] () -- C:\Users\leon\AppData\Roaming\UserTile.png
[2009.01.05 20:47:31 | 000,066,048 | ---- | C] () -- C:\Users\leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.05 18:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.21 13:08:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.21 12:59:06 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.12 15:41:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2002.05.24 00:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\lockout.dll
[2002.05.24 00:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\lockres.dll
[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2001.08.31 14:33:58 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\VxDMDcDlg.dll
 
========== LOP Check ==========
 
[2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.#
[2010.12.31 13:44:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Record Edit Toolbox
[2010.11.06 21:03:14 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Recorder for Free 2010
[2012.01.19 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Dropbox
[2011.08.28 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoft
[2011.08.28 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.15 20:21:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ICQ
[2011.09.07 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\IrfanView
[2010.05.31 10:11:06 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient
[2010.03.04 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009.02.08 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenArena
[2009.05.25 19:15:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenOffice.org
[2010.01.26 13:59:34 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PacificPoker
[2009.02.22 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Packard Bell
[2009.01.05 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PeerNetworking
[2009.06.15 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ScummVM
[2010.04.23 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\TS3Client
[2011.08.27 17:41:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Ubisoft
[2011.08.27 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\uTorrent
[2009.06.30 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\VERITAS
[2011.08.28 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Windows Live Writer
[2011.12.12 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\xm1
[2012.01.18 23:49:47 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.#
[2011.09.07 16:08:38 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Adobe
[2011.08.24 18:13:01 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Apple Computer
[2010.12.31 13:44:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Record Edit Toolbox
[2010.11.06 21:03:14 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Audio Recorder for Free 2010
[2011.04.03 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Avira
[2010.08.03 19:58:03 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DivX
[2012.01.19 15:28:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Dropbox
[2011.11.23 21:48:50 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\dvdcss
[2011.08.28 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoft
[2011.08.28 13:33:54 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.15 20:21:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ICQ
[2009.01.05 18:44:29 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Identities
[2011.09.07 16:11:55 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\IrfanView
[2010.05.31 10:11:06 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient
[2010.03.04 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009.01.05 18:48:46 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Macromedia
[2012.01.17 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Media Center Programs
[2011.10.06 12:54:06 | 000,000,000 | --SD | M] -- C:\Users\leon\AppData\Roaming\Microsoft
[2011.12.13 15:14:41 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\MiKTeX
[2009.01.05 18:59:29 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Mozilla
[2009.02.08 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenArena
[2009.05.25 19:15:15 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\OpenOffice.org
[2010.01.26 13:59:34 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PacificPoker
[2009.02.22 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Packard Bell
[2009.01.05 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\PeerNetworking
[2009.06.15 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\ScummVM
[2011.11.18 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Skype
[2011.08.29 16:17:17 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\skypePM
[2010.08.09 12:14:52 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Sun
[2012.01.17 15:33:20 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\SUPERAntiSpyware.com
[2009.01.05 18:45:03 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Symantec
[2010.08.10 19:24:10 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\teamspeak2
[2010.04.23 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\TS3Client
[2011.08.27 17:41:49 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Ubisoft
[2011.08.27 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\uTorrent
[2010.06.06 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Ventrilo
[2009.06.30 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\VERITAS
[2009.04.01 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\vlc
[2011.08.28 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\Windows Live Writer
[2009.01.06 15:48:04 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\WinRAR
[2011.12.12 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\leon\AppData\Roaming\xm1
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\leon\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.03.04 18:23:56 | 000,038,784 | ---- | M] () -- C:\Users\leon\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.06 12:54:06 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\leon\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\ARPPRODUCTICON.exe
[2011.10.06 12:54:06 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\leon\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut1_71F205E9C01C47C5B0298AAC14AF03F1.exe
[2011.10.06 12:54:06 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\leon\AppData\Roaming\Microsoft\Installer\{71F205E9-C01C-47C5-B029-8AAC14AF03F1}\NewShortcut2_71F205E9C01C47C5B0298AAC14AF03F1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


cosinus 19.01.2012 21:20

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\Shell\AutoRun\command - "" = J:\Menu.exe
MsConfig:64bit - StartUpReg: CurseClient - hkey= - key= -  File not found
[2012.01.07 23:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutocompletePro
[2009.01.06 00:02:34 | 000,000,000 | -HSD | M] -- C:\Users\leon\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

leojadroe 19.01.2012 21:41

Hello,

the fix has been run. At the start it gave me an error message that there is no disk in drive H. I then clicked cancel; the rest was, as far as I can see, executed properly.
Thanks ;)


Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd482b3b-ae22-11df-b0fb-00226838a449}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd482b3b-ae22-11df-b0fb-00226838a449}\ not found.
File J:\Menu.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CurseClient\ not found.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults\preferences folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome folder moved successfully.
C:\Program Files (x86)\AutocompletePro\support@predictad.com folder moved successfully.
C:\Program Files (x86)\AutocompletePro\chrome folder moved successfully.
C:\Program Files (x86)\AutocompletePro folder moved successfully.
C:\Users\leon\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: leon
->Temp folder emptied: 905441198 bytes
->Temporary Internet Files folder emptied: 300786600 bytes
->Java cache emptied: 63827 bytes
->FireFox cache emptied: 353569265 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 47944 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134253943 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 963247353 bytes
 
Total Files Cleaned = 2.540,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01192012_213322

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 19.01.2012 23:43

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

leojadroe 20.01.2012 01:04

Scan finished, but it found nothing.

Code:

01:02:05.0863 2524        TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
01:02:06.0041 2524        ============================================================
01:02:06.0041 2524        Current date / time: 2012/01/20 01:02:06.0041
01:02:06.0041 2524        SystemInfo:
01:02:06.0041 2524       
01:02:06.0041 2524        OS Version: 6.0.6002 ServicePack: 2.0
01:02:06.0041 2524        Product type: Workstation
01:02:06.0041 2524        ComputerName: LEON-PC
01:02:06.0041 2524        UserName: leon
01:02:06.0041 2524        Windows directory: C:\Windows
01:02:06.0041 2524        System windows directory: C:\Windows
01:02:06.0041 2524        Running under WOW64
01:02:06.0041 2524        Processor architecture: Intel x64
01:02:06.0041 2524        Number of processors: 4
01:02:06.0041 2524        Page size: 0x1000
01:02:06.0041 2524        Boot type: Normal boot
01:02:06.0042 2524        ============================================================
01:02:06.0383 2524        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:02:06.0399 2524        Drive \Device\Harddisk5\DR5 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:02:06.0528 2524        Initialize success
01:02:11.0448 0544        ============================================================
01:02:11.0449 0544        Scan started
01:02:11.0449 0544        Mode: Manual; SigCheck; TDLFS;
01:02:11.0449 0544        ============================================================
01:02:12.0553 0544        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
01:02:12.0671 0544        ACPI - ok
01:02:12.0835 0544        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
01:02:12.0871 0544        adp94xx - ok
01:02:12.0926 0544        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
01:02:12.0950 0544        adpahci - ok
01:02:13.0086 0544        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
01:02:13.0101 0544        adpu160m - ok
01:02:13.0146 0544        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
01:02:13.0162 0544        adpu320 - ok
01:02:13.0236 0544        AFD            (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
01:02:13.0321 0544        AFD - ok
01:02:13.0432 0544        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
01:02:13.0447 0544        agp440 - ok
01:02:13.0511 0544        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
01:02:13.0525 0544        aic78xx - ok
01:02:13.0564 0544        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
01:02:13.0575 0544        aliide - ok
01:02:13.0596 0544        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
01:02:13.0607 0544        amdide - ok
01:02:13.0644 0544        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
01:02:13.0796 0544        AmdK8 - ok
01:02:13.0962 0544        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
01:02:13.0977 0544        arc - ok
01:02:14.0041 0544        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
01:02:14.0056 0544        arcsas - ok
01:02:14.0095 0544        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
01:02:14.0146 0544        AsyncMac - ok
01:02:14.0186 0544        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
01:02:14.0199 0544        atapi - ok
01:02:14.0270 0544        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
01:02:14.0308 0544        avgntflt - ok
01:02:14.0361 0544        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
01:02:14.0376 0544        avipbb - ok
01:02:14.0447 0544        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
01:02:14.0499 0544        blbdrive - ok
01:02:14.0566 0544        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
01:02:14.0641 0544        bowser - ok
01:02:14.0685 0544        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
01:02:14.0842 0544        BrFiltLo - ok
01:02:14.0938 0544        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
01:02:14.0975 0544        BrFiltUp - ok
01:02:15.0041 0544        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
01:02:15.0191 0544        Brserid - ok
01:02:15.0220 0544        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
01:02:15.0291 0544        BrSerWdm - ok
01:02:15.0313 0544        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
01:02:15.0378 0544        BrUsbMdm - ok
01:02:15.0401 0544        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
01:02:15.0465 0544        BrUsbSer - ok
01:02:15.0512 0544        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
01:02:15.0577 0544        BTHMODEM - ok
01:02:15.0626 0544        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
01:02:15.0665 0544        cdfs - ok
01:02:15.0714 0544        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
01:02:15.0754 0544        cdrom - ok
01:02:15.0789 0544        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
01:02:15.0841 0544        circlass - ok
01:02:15.0889 0544        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
01:02:15.0945 0544        CLFS - ok
01:02:16.0000 0544        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
01:02:16.0011 0544        cmdide - ok
01:02:16.0034 0544        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
01:02:16.0046 0544        Compbatt - ok
01:02:16.0068 0544        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
01:02:16.0080 0544        crcdisk - ok
01:02:16.0155 0544        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
01:02:16.0207 0544        DfsC - ok
01:02:16.0256 0544        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
01:02:16.0271 0544        disk - ok
01:02:16.0331 0544        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
01:02:16.0368 0544        drmkaud - ok
01:02:16.0384 0544        dump_wmimmc - ok
01:02:16.0441 0544        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
01:02:16.0517 0544        DXGKrnl - ok
01:02:16.0579 0544        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
01:02:16.0642 0544        E1G60 - ok
01:02:16.0699 0544        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
01:02:16.0718 0544        Ecache - ok
01:02:16.0752 0544        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
01:02:16.0801 0544        elxstor - ok
01:02:16.0841 0544        ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
01:02:16.0884 0544        ErrDev - ok
01:02:16.0976 0544        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
01:02:17.0041 0544        exfat - ok
01:02:17.0083 0544        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
01:02:17.0141 0544        fastfat - ok
01:02:17.0180 0544        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
01:02:17.0212 0544        fdc - ok
01:02:17.0238 0544        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
01:02:17.0253 0544        FileInfo - ok
01:02:17.0278 0544        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
01:02:17.0333 0544        Filetrace - ok
01:02:17.0362 0544        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
01:02:17.0393 0544        flpydisk - ok
01:02:17.0431 0544        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
01:02:17.0464 0544        FltMgr - ok
01:02:17.0497 0544        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
01:02:17.0543 0544        Fs_Rec - ok
01:02:17.0563 0544        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
01:02:17.0583 0544        gagp30kx - ok
01:02:17.0609 0544        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:02:17.0620 0544        GEARAspiWDM - ok
01:02:17.0686 0544        HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
01:02:17.0777 0544        HdAudAddService - ok
01:02:17.0832 0544        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:02:17.0927 0544        HDAudBus - ok
01:02:17.0972 0544        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
01:02:18.0039 0544        HidBth - ok
01:02:18.0066 0544        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
01:02:18.0133 0544        HidIr - ok
01:02:18.0169 0544        HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
01:02:18.0222 0544        HidUsb - ok
01:02:18.0254 0544        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
01:02:18.0268 0544        HpCISSs - ok
01:02:18.0321 0544        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
01:02:18.0434 0544        HTTP - ok
01:02:18.0455 0544        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
01:02:18.0468 0544        i2omp - ok
01:02:18.0498 0544        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
01:02:18.0534 0544        i8042prt - ok
01:02:18.0556 0544        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
01:02:18.0577 0544        iaStorV - ok
01:02:18.0609 0544        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
01:02:18.0622 0544        iirsp - ok
01:02:18.0728 0544        int15          (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
01:02:18.0738 0544        int15 - ok
01:02:18.0810 0544        IntcAzAudAddService (504eaa8a5a61b051ad5b26205fc00e12) C:\Windows\system32\drivers\RTKVHD64.sys
01:02:18.0916 0544        IntcAzAudAddService - ok
01:02:18.0980 0544        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
01:02:18.0992 0544        intelide - ok
01:02:19.0017 0544        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
01:02:19.0063 0544        intelppm - ok
01:02:19.0120 0544        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:02:19.0160 0544        IpFilterDriver - ok
01:02:19.0186 0544        IpInIp - ok
01:02:19.0214 0544        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
01:02:19.0264 0544        IPMIDRV - ok
01:02:19.0284 0544        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
01:02:19.0332 0544        IPNAT - ok
01:02:19.0359 0544        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
01:02:19.0406 0544        IRENUM - ok
01:02:19.0431 0544        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
01:02:19.0443 0544        isapnp - ok
01:02:19.0488 0544        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
01:02:19.0508 0544        iScsiPrt - ok
01:02:19.0526 0544        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
01:02:19.0545 0544        iteatapi - ok
01:02:19.0563 0544        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
01:02:19.0576 0544        iteraid - ok
01:02:19.0599 0544        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
01:02:19.0612 0544        kbdclass - ok
01:02:19.0629 0544        kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
01:02:19.0664 0544        kbdhid - ok
01:02:19.0701 0544        KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
01:02:19.0734 0544        KSecDD - ok
01:02:19.0780 0544        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
01:02:19.0835 0544        ksthunk - ok
01:02:19.0864 0544        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
01:02:19.0918 0544        lltdio - ok
01:02:19.0949 0544        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
01:02:19.0964 0544        LSI_FC - ok
01:02:19.0986 0544        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
01:02:20.0001 0544        LSI_SAS - ok
01:02:20.0029 0544        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
01:02:20.0044 0544        LSI_SCSI - ok
01:02:20.0062 0544        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
01:02:20.0107 0544        luafv - ok
01:02:20.0276 0544        LVUVC64        (bfba84b8a9c233ae42b11cf7bdfc6c01) C:\Windows\system32\DRIVERS\lvuvc64.sys
01:02:20.0921 0544        LVUVC64 - ok
01:02:21.0090 0544        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
01:02:21.0103 0544        megasas - ok
01:02:21.0164 0544        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
01:02:21.0197 0544        MegaSR - ok
01:02:21.0273 0544        Mkd2Nadr        (957cc0c0b992adbc625ae1858115487c) C:\Windows\system32\drivers\Mkd2Nadr.sys
01:02:21.0286 0544        Mkd2Nadr - ok
01:02:21.0334 0544        Mkd3kfNt        (a3ab450c7c31a546badc268d6b11703c) C:\Windows\system32\drivers\Mkd3kfNt.sys
01:02:21.0349 0544        Mkd3kfNt - ok
01:02:21.0370 0544        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
01:02:21.0427 0544        Modem - ok
01:02:21.0466 0544        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
01:02:21.0500 0544        monitor - ok
01:02:21.0519 0544        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
01:02:21.0532 0544        mouclass - ok
01:02:21.0558 0544        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
01:02:21.0604 0544        mouhid - ok
01:02:21.0624 0544        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
01:02:21.0638 0544        MountMgr - ok
01:02:21.0661 0544        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
01:02:21.0677 0544        mpio - ok
01:02:21.0704 0544        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
01:02:21.0756 0544        mpsdrv - ok
01:02:21.0776 0544        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
01:02:21.0788 0544        Mraid35x - ok
01:02:21.0824 0544        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
01:02:21.0911 0544        MRxDAV - ok
01:02:21.0933 0544        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:02:21.0992 0544        mrxsmb - ok
01:02:22.0017 0544        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:02:22.0049 0544        mrxsmb10 - ok
01:02:22.0072 0544        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:02:22.0103 0544        mrxsmb20 - ok
01:02:22.0156 0544        msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
01:02:22.0168 0544        msahci - ok
01:02:22.0188 0544        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
01:02:22.0204 0544        msdsm - ok
01:02:22.0237 0544        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
01:02:22.0276 0544        Msfs - ok
01:02:22.0319 0544        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
01:02:22.0331 0544        msisadrv - ok
01:02:22.0365 0544        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
01:02:22.0404 0544        MSKSSRV - ok
01:02:22.0422 0544        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
01:02:22.0461 0544        MSPCLOCK - ok
01:02:22.0479 0544        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
01:02:22.0515 0544        MSPQM - ok
01:02:22.0556 0544        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
01:02:22.0578 0544        MsRPC - ok
01:02:22.0601 0544        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
01:02:22.0614 0544        mssmbios - ok
01:02:22.0653 0544        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
01:02:22.0693 0544        MSTEE - ok
01:02:22.0705 0544        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
01:02:22.0720 0544        Mup - ok
01:02:22.0765 0544        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
01:02:22.0800 0544        NativeWifiP - ok
01:02:22.0866 0544        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
01:02:22.0914 0544        NDIS - ok
01:02:22.0957 0544        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
01:02:22.0988 0544        NdisTapi - ok
01:02:23.0014 0544        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
01:02:23.0058 0544        Ndisuio - ok
01:02:23.0093 0544        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
01:02:23.0132 0544        NdisWan - ok
01:02:23.0144 0544        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
01:02:23.0178 0544        NDProxy - ok
01:02:23.0223 0544        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
01:02:23.0256 0544        NetBIOS - ok
01:02:23.0295 0544        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
01:02:23.0327 0544        netbt - ok
01:02:23.0362 0544        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
01:02:23.0374 0544        nfrd960 - ok
01:02:23.0412 0544        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
01:02:23.0442 0544        Npfs - ok
01:02:23.0452 0544        NPPTNT2 - ok
01:02:23.0467 0544        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
01:02:23.0505 0544        nsiproxy - ok
01:02:23.0574 0544        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
01:02:23.0691 0544        Ntfs - ok
01:02:23.0722 0544        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
01:02:23.0766 0544        Null - ok
01:02:23.0852 0544        NVENETFD        (ae17aae41fc47ada0b989d1fa6fba60b) C:\Windows\system32\DRIVERS\nvmfdx64.sys
01:02:23.0989 0544        NVENETFD - ok
01:02:24.0191 0544        nvlddmkm        (2e46bf23f5a5dba03689cc9d2acc1dac) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:02:24.0863 0544        nvlddmkm - ok
01:02:24.0995 0544        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
01:02:25.0010 0544        nvraid - ok
01:02:25.0024 0544        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
01:02:25.0037 0544        nvstor - ok
01:02:25.0081 0544        nvstor64        (d1f5dcf8d5a55c0fbbfb49c0ed1f2f5d) C:\Windows\system32\DRIVERS\nvstor64.sys
01:02:25.0089 0544        nvstor64 - ok
01:02:25.0112 0544        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
01:02:25.0146 0544        nv_agp - ok
01:02:25.0154 0544        NwlnkFlt - ok
01:02:25.0165 0544        NwlnkFwd - ok
01:02:25.0231 0544        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
01:02:25.0270 0544        ohci1394 - ok
01:02:25.0306 0544        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
01:02:25.0367 0544        Parport - ok
01:02:25.0405 0544        partmgr        (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
01:02:25.0420 0544        partmgr - ok
01:02:25.0464 0544        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
01:02:25.0481 0544        pci - ok
01:02:25.0497 0544        pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
01:02:25.0511 0544        pciide - ok
01:02:25.0536 0544        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
01:02:25.0553 0544        pcmcia - ok
01:02:25.0582 0544        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
01:02:25.0702 0544        PEAUTH - ok
01:02:25.0794 0544        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
01:02:25.0831 0544        PptpMiniport - ok
01:02:25.0863 0544        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
01:02:25.0911 0544        Processor - ok
01:02:25.0959 0544        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
01:02:25.0986 0544        PSched - ok
01:02:25.0993 0544        PVUSB - ok
01:02:26.0014 0544        PxHelp20 - ok
01:02:26.0045 0544        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
01:02:26.0057 0544        PxHlpa64 - ok
01:02:26.0102 0544        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
01:02:26.0207 0544        ql2300 - ok
01:02:26.0233 0544        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
01:02:26.0248 0544        ql40xx - ok
01:02:26.0278 0544        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
01:02:26.0331 0544        QWAVEdrv - ok
01:02:26.0351 0544        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
01:02:26.0395 0544        RasAcd - ok
01:02:26.0441 0544        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:02:26.0481 0544        Rasl2tp - ok
01:02:26.0519 0544        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
01:02:26.0555 0544        RasPppoe - ok
01:02:26.0590 0544        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
01:02:26.0609 0544        RasSstp - ok
01:02:26.0652 0544        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
01:02:26.0690 0544        rdbss - ok
01:02:26.0734 0544        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:02:26.0765 0544        RDPCDD - ok
01:02:26.0797 0544        rdpdr          (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
01:02:26.0847 0544        rdpdr - ok
01:02:26.0855 0544        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
01:02:26.0891 0544        RDPENCDD - ok
01:02:26.0935 0544        RDPWD          (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
01:02:26.0976 0544        RDPWD - ok
01:02:27.0032 0544        RimUsb          (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
01:02:27.0071 0544        RimUsb - ok
01:02:27.0109 0544        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
01:02:27.0157 0544        rspndr - ok
01:02:27.0186 0544        SASDIFSV        (3289766038db2cb14d07dc84392138d5) M:\\SASDIFSV64.SYS
01:02:27.0196 0544        SASDIFSV - ok
01:02:27.0210 0544        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) M:\\SASKUTIL64.SYS
01:02:27.0219 0544        SASKUTIL - ok
01:02:27.0243 0544        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
01:02:27.0257 0544        sbp2port - ok
01:02:27.0286 0544        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:02:27.0342 0544        secdrv - ok
01:02:27.0370 0544        Serenum        (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
01:02:27.0435 0544        Serenum - ok
01:02:27.0454 0544        Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
01:02:27.0515 0544        Serial - ok
01:02:27.0541 0544        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
01:02:27.0583 0544        sermouse - ok
01:02:27.0647 0544        sfdrv01        (4fcace92bb0345d58bb96adbd69f5237) C:\Windows\system32\drivers\sfdrv01.sys
01:02:27.0659 0544        sfdrv01 - ok
01:02:27.0686 0544        sffdisk        (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
01:02:27.0734 0544        sffdisk - ok
01:02:27.0761 0544        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
01:02:27.0812 0544        sffp_mmc - ok
01:02:27.0833 0544        sffp_sd        (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
01:02:27.0881 0544        sffp_sd - ok
01:02:27.0915 0544        sfhlp02        (17f6bd95bf04b924f4c05ce78bef8ae6) C:\Windows\system32\drivers\sfhlp02.sys
01:02:27.0926 0544        sfhlp02 - ok
01:02:27.0950 0544        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
01:02:28.0012 0544        sfloppy - ok
01:02:28.0052 0544        sfvfs02        (f3b72568a6fa36e5d63d30b8186d1c48) C:\Windows\system32\drivers\sfvfs02.sys
01:02:28.0067 0544        sfvfs02 - ok
01:02:28.0091 0544        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
01:02:28.0104 0544        SiSRaid2 - ok
01:02:28.0127 0544        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
01:02:28.0140 0544        SiSRaid4 - ok
01:02:28.0186 0544        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
01:02:28.0212 0544        Smb - ok
01:02:28.0249 0544        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
01:02:28.0263 0544        spldr - ok
01:02:28.0318 0544        srv            (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
01:02:28.0396 0544        srv - ok
01:02:28.0454 0544        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
01:02:28.0503 0544        srv2 - ok
01:02:28.0556 0544        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
01:02:28.0583 0544        srvnet - ok
01:02:28.0647 0544        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
01:02:28.0658 0544        swenum - ok
01:02:28.0686 0544        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
01:02:28.0699 0544        Symc8xx - ok
01:02:28.0723 0544        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
01:02:28.0736 0544        Sym_hi - ok
01:02:28.0751 0544        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
01:02:28.0764 0544        Sym_u3 - ok
01:02:28.0841 0544        Tcpip          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
01:02:28.0948 0544        Tcpip - ok
01:02:29.0000 0544        Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
01:02:29.0061 0544        Tcpip6 - ok
01:02:29.0092 0544        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
01:02:29.0167 0544        tcpipreg - ok
01:02:29.0207 0544        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
01:02:29.0251 0544        TDPIPE - ok
01:02:29.0279 0544        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
01:02:29.0331 0544        TDTCP - ok
01:02:29.0370 0544        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
01:02:29.0404 0544        tdx - ok
01:02:29.0442 0544        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
01:02:29.0457 0544        TermDD - ok
01:02:29.0503 0544        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:02:29.0550 0544        tssecsrv - ok
01:02:29.0568 0544        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
01:02:29.0612 0544        tunmp - ok
01:02:29.0656 0544        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
01:02:29.0676 0544        tunnel - ok
01:02:29.0700 0544        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
01:02:29.0714 0544        uagp35 - ok
01:02:29.0758 0544        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
01:02:29.0801 0544        udfs - ok
01:02:29.0830 0544        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
01:02:29.0844 0544        uliagpkx - ok
01:02:29.0874 0544        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
01:02:29.0892 0544        uliahci - ok
01:02:29.0915 0544        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
01:02:29.0931 0544        UlSata - ok
01:02:29.0948 0544        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
01:02:29.0964 0544        ulsata2 - ok
01:02:29.0988 0544        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
01:02:30.0020 0544        umbus - ok
01:02:30.0065 0544        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:02:30.0113 0544        USBAAPL64 - ok
01:02:30.0158 0544        usbaudio        (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
01:02:30.0195 0544        usbaudio - ok
01:02:30.0239 0544        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
01:02:30.0280 0544        usbccgp - ok
01:02:30.0306 0544        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
01:02:30.0370 0544        usbcir - ok
01:02:30.0417 0544        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
01:02:30.0450 0544        usbehci - ok
01:02:30.0473 0544        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
01:02:30.0515 0544        usbhub - ok
01:02:30.0554 0544        usbohci        (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
01:02:30.0584 0544        usbohci - ok
01:02:30.0607 0544        usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
01:02:30.0672 0544        usbprint - ok
01:02:30.0716 0544        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:02:30.0752 0544        USBSTOR - ok
01:02:30.0795 0544        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
01:02:30.0834 0544        usbuhci - ok
01:02:30.0903 0544        usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
01:02:30.0938 0544        usbvideo - ok
01:02:30.0973 0544        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
01:02:31.0017 0544        vga - ok
01:02:31.0037 0544        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
01:02:31.0074 0544        VgaSave - ok
01:02:31.0100 0544        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
01:02:31.0112 0544        viaide - ok
01:02:31.0155 0544        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
01:02:31.0169 0544        volmgr - ok
01:02:31.0215 0544        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
01:02:31.0250 0544        volmgrx - ok
01:02:31.0311 0544        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
01:02:31.0344 0544        volsnap - ok
01:02:31.0363 0544        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
01:02:31.0379 0544        vsmraid - ok
01:02:31.0415 0544        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
01:02:31.0462 0544        WacomPen - ok
01:02:31.0478 0544        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:02:31.0523 0544        Wanarp - ok
01:02:31.0528 0544        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
01:02:31.0550 0544        Wanarpv6 - ok
01:02:31.0575 0544        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
01:02:31.0588 0544        Wd - ok
01:02:31.0628 0544        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
01:02:31.0698 0544        Wdf01000 - ok
01:02:31.0779 0544        WmiAcpi        (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:02:31.0813 0544        WmiAcpi - ok
01:02:31.0875 0544        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
01:02:31.0937 0544        WpdUsb - ok
01:02:31.0956 0544        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
01:02:32.0007 0544        ws2ifsl - ok
01:02:32.0054 0544        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:02:32.0093 0544        WUDFRd - ok
01:02:32.0117 0544        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:02:32.0370 0544        \Device\Harddisk0\DR0 - ok
01:02:32.0375 0544        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
01:02:32.0562 0544        \Device\Harddisk5\DR5 - ok
01:02:32.0584 0544        Boot (0x1200)  (1dce710d85b93491cb351af27bd1c7cb) \Device\Harddisk0\DR0\Partition0
01:02:32.0585 0544        \Device\Harddisk0\DR0\Partition0 - ok
01:02:32.0607 0544        Boot (0x1200)  (df0dd3adad8082dba35e6a2694db2ceb) \Device\Harddisk0\DR0\Partition1
01:02:32.0607 0544        \Device\Harddisk0\DR0\Partition1 - ok
01:02:32.0627 0544        Boot (0x1200)  (ece99e35eba80aa353776c30378909c0) \Device\Harddisk0\DR0\Partition2
01:02:32.0627 0544        \Device\Harddisk0\DR0\Partition2 - ok
01:02:32.0631 0544        Boot (0x1200)  (eeb52f447b4c232c8ff94d5181ad6c8a) \Device\Harddisk5\DR5\Partition0
01:02:32.0633 0544        \Device\Harddisk5\DR5\Partition0 - ok
01:02:32.0634 0544        ============================================================
01:02:32.0634 0544        Scan finished
01:02:32.0634 0544        ============================================================
01:02:32.0646 0596        Detected object count: 0
01:02:32.0646 0596        Actual detected object count: 0


cosinus 20.01.2012 10:58

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

leojadroe 20.01.2012 20:33

hey, here is the combofix log

Code:

ComboFix 12-01-19.02 - leon 20.01.2012  20:07:42.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4093.2496 [GMT 1:00]
ausgeführt von:: c:\users\leon\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\98\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\ME\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\VISTAXP2K\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\VISTAXP2K\amd64\_desktop.ini
c:\acer\Preload\Autorun\DRV\Pro-Nets Modem HPI56M3\VISTAXP2K\x86\_desktop.ini
C:\serverg.Bin
c:\users\leon\ia_remove.sh5329.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\Install.cmd
D:\Autorun.inf
M:\Uninstall.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-20 bis 2012-01-20  ))))))))))))))))))))))))))))))
.
.
2012-01-20 19:18 . 2012-01-20 19:18        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-19 20:33 . 2012-01-19 20:33        --------        d-----w-        C:\_OTL
2012-01-18 22:10 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{70A205C7-BD20-440A-B7E3-67CDB111D26B}\mpengine.dll
2012-01-17 14:41 . 2012-01-17 14:41        --------        d-----w-        c:\program files (x86)\ESET
2012-01-17 14:33 . 2012-01-17 14:33        --------        d-----w-        c:\users\leon\AppData\Roaming\SUPERAntiSpyware.com
2012-01-17 14:26 . 2012-01-17 14:26        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-01-17 12:55 . 2012-01-17 12:55        --------        d-----w-        c:\users\leon\AppData\Roaming\Malwarebytes
2012-01-17 12:55 . 2012-01-17 12:55        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-17 12:55 . 2012-01-17 12:55        --------        d-----w-        C:\Malwarebytes' Anti-Malware
2012-01-17 12:55 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-11 20:45 . 2011-12-01 15:29        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 20:45 . 2011-12-01 15:21        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:57 . 2011-12-15 16:10        2764800        ----a-w-        c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2009-10-03 09:53        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-08 14:58 . 2011-12-15 16:11        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-15 16:11        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-11-03 06:55 . 2011-12-15 16:11        1147392        ----a-w-        c:\windows\system32\wininet.dll
2011-11-03 06:50 . 2011-12-15 16:11        56832        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-03 06:49 . 2011-12-15 16:11        1538560        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-11-03 06:49 . 2011-12-15 16:11        77312        ----a-w-        c:\windows\system32\iesetup.dll
2011-11-03 06:49 . 2011-12-15 16:11        132096        ----a-w-        c:\windows\system32\iesysprep.dll
2011-11-03 06:22 . 2011-12-15 16:11        916992        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-11-03 06:17 . 2011-12-15 16:11        43520        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-11-03 06:17 . 2011-12-15 16:11        1469440        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-11-03 06:17 . 2011-12-15 16:11        71680        ----a-w-        c:\windows\SysWow64\iesetup.dll
2011-11-03 06:17 . 2011-12-15 16:11        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2011-11-03 05:54 . 2011-12-15 16:11        479232        ----a-w-        c:\windows\system32\html.iec
2011-11-03 05:22 . 2011-12-15 16:11        385024        ----a-w-        c:\windows\SysWow64\html.iec
2011-11-03 05:11 . 2011-12-15 16:11        162816        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-11-03 05:10 . 2011-12-15 16:11        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-11-03 04:45 . 2011-12-15 16:11        133632        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2011-11-03 04:43 . 2011-12-15 16:11        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-10-25 16:09 . 2011-12-15 16:11        85504        ----a-w-        c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"SUPERAntiSpyware"="M:\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-03 281768]
"SunJavaUpdateSched"="m:\java\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\leon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Smart security registration status.lnk - c:\program files\Charismathics\Smart security interface 4.8\CSPregtool64.exe [2009-7-24 8067584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;M:\SASCORE64.EXE [2011-08-11 140672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 18:48]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 18:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\leon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-24 6242816]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 15934496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0109&m=imedia_x5500_ge
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\vyggxc4n.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Audio Recorder for FREE_is1 - d:\nanno\audio_recorder\Audio Recorder for FREE\unins000.exe
AddRemove-AutocompletePro3_is1 - c:\program files (x86)\AutocompletePro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-20  20:30:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-20 19:30
.
Vor Suchlauf: 11 Verzeichnis(se), 378.084.933.632 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 377.880.285.184 Bytes frei
.
- - End Of File - - 14CD8C539B5DC1DFA99935494BEA34BC




Copyright ©2000-2024, Trojaner-Board

