Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Broken.OpenCommand Virus (https://www.trojaner-board.de/110977-broken-opencommand-virus.html)

medico 05.03.2012 22:36

Broken.OpenCommand Virus
 
Hello,
Unfortunately I have also picked up a virus on my PC, detected by Malwarebytes. Its name, as in the title, "Broken.OpenCommand", is in the registry, and repeated attempts, including deleting folders, have not helped; it recreates itself afterwards.

My antivirus program Avast gives no alert, nor does Spybot; Ad-Aware only shows cookies, and Secure Banking reports nothing either.

The program "Gmer" detected viruses, but some of them are the program itself or Secure Banking, so they can be ignored.
I switched all programs off afterwards.

Log files are attached.

Many thanks in advance!

Regards

Medico

cosinus 06.03.2012 14:41

Now please do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! All detections must also be removed.

If there are logs from earlier Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • When the scan finishes, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

medico 07.03.2012 01:06

It looks like I am very popular with virus developers.


Malwarebytes
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Gast :: MEDICO-PC [limited]

06.03.2012 22:41:49
mbam-log-2012-03-06 (22-41-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188124
Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Delete on reboot.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Eset
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=45344496915d7a45b7caec32b14db4b7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-06 11:53:05
# local_time=2012-03-07 12:53:05 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 57743389 57743389 0 0
# compatibility_mode=5893 16776573 100 94 5967 82701321 0 0
# compatibility_mode=8192 67108863 100 0 1081 1081 0 0
# scanned=76705
# found=12
# cleaned=0
# scan_time=6515
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa2.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa3.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa6.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa7.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa2.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa3.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa6.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudAVSJhorwPa7.zip        Win32/Bagle.gen.zip worm (unable to clean)        00000000000000000000000000000000        I

I stopped it at 94 percent and will run another scan tomorrow; I did not have the time.

I also have a toolbar called Conduit in IE, and a message immediately pops up saying it wants to open a link.

Thanks again!


Medico

cosinus 07.03.2012 09:22

There is quite a bit sitting in Spybot's quarantine as well. Do you still have the logs from that?

medico 07.03.2012 13:00

Probably, I will have to check after work

medico 07.03.2012 21:16

Where are the logs? I had a look. Google says they are under AppData, but I cannot find the Spybot folder?

Regards

Medico

cosinus 07.03.2012 23:28

Quote:

Scan type: Quick scan
Sorry, but I wanted to see a full scan... please do that and post the log!
Remember to update the Malwarebytes signatures beforehand; there are very frequent updates!

medico 08.03.2012 19:42

Code:

Gast :: MEDICO-PC [limited]

08.03.2012 17:03:07
mbam-log-2012-03-08 (19-39-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410567
Time elapsed: 2 hour(s), 26 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> No action taken.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Done; the same result came out.

cosinus 08.03.2012 20:25

Quote:

Gast :: MEDICO-PC [limited]
Without admin rights! It does not get more pointless than that!
Run EVERY scan with admin rights!

medico 08.03.2012 23:06

Sorry, I did not know that; here it is again:

Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Medico :: MEDICO-PC [Administrator]

Protection: Enabled

08.03.2012 20:43:49
mbam-log-2012-03-08 (20-43-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462288
Time elapsed: 2 hour(s), 13 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Delete on reboot.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
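
The two entries Malwarebytes keeps reporting, HKCR\scrfile\shell\open\command and HKCR\regfile\shell\open\command, are the commands Windows runs when a .scr or .reg file is opened. An empty default value is what Malwarebytes labels "Broken.OpenCommand"; a value pointing at some other executable is the classic file-association hijack (most often done on exefile, so that the malware runs every time any program is started). The script below is an added example, not code from the thread, from Malwarebytes or from Trojaner-Board: it reads those values straight from the registry, flags empty or non-default commands, reports whether the session is elevated (the reason the scans run as the limited "Gast" account ended in "No action taken"), and can write the stock default back. The $Expected table of Windows 7 defaults and all function names are my own assumptions.

```powershell
# Added example (not from the thread, not Malwarebytes or Trojaner-Board code).
# Audits the per-file-class shell\open\command values, i.e. the keys behind
# Malwarebytes' "Broken.OpenCommand" detection, plus the exefile/comfile keys
# that malware hijacks to run itself whenever any program is started.
# Assumptions: Windows 7 or later, PowerShell 2.0+; the $Expected defaults are
# the stock Windows values as I know them, not values taken from the thread.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Stock defaults (assumed). scrfile and regfile are the two Malwarebytes named;
# the rest are the classes most often hijacked.
$Expected = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

# HKCR is a merged view: HKCU\Software\Classes overrides HKLM\Software\Classes,
# so a per-user entry can hijack a class without any admin rights. Read both
# hives separately instead of HKCR so that such an override is visible.
function Get-OpenCommand {
    param([string]$Hive, [string]$Class)
    $key = "Registry::$Hive\SOFTWARE\Classes\$Class\shell\open\command"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    return (Get-Item -LiteralPath $key).GetValue('')   # $null when the default value is unset
}

function Test-OpenCommands {
    foreach ($class in $Expected.Keys) {
        $machine = Get-OpenCommand -Hive 'HKEY_LOCAL_MACHINE' -Class $class
        $user    = Get-OpenCommand -Hive 'HKEY_CURRENT_USER'  -Class $class

        $status = 'ok'
        if ($user -ne $null) {
            $status = 'SUSPECT: per-user override in HKCU'   # wins over HKLM for this account
        } elseif ($machine -eq $null -or $machine.Trim() -eq '') {
            $status = 'BROKEN: empty open command'           # what Malwarebytes flags
        } elseif ($machine -ne $Expected[$class]) {
            $status = 'SUSPECT: non-default command'         # possible hijack
        }

        New-Object PSObject -Property @{
            Class    = $class
            Status   = $status
            Machine  = $machine
            User     = $user
            Expected = $Expected[$class]
        }
    }
}

# Writes the stock default back into HKLM for one class. Requires elevation.
function Repair-OpenCommand {
    param([string]$Class)
    $key = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\$Class\shell\open\command"
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $Expected[$Class]
}

if (-not (Test-IsElevated)) {
    # Reading works from a limited account; repairing does not, and neither does
    # a cleanup tool started from the same unelevated session.
    Write-Warning 'Not running elevated: findings can be listed but not repaired. Re-run as Administrator.'
}

$findings = Test-OpenCommands
$findings | Format-Table Status, Class, Machine, User -AutoSize

# Uncomment to restore the defaults for the entries Malwarebytes reported:
# $findings | Where-Object { $_.Status -like 'BROKEN*' } | ForEach-Object { Repair-OpenCommand $_.Class }
```

An empty command is not dangerous by itself: it only means that double-clicking a .scr or .reg file does nothing, which some hardening tools do on purpose, so Malwarebytes' "Broken" label is a consistency check rather than a malware verdict. A command that points at a third-party executable, or an HKCU override of a class that should only exist under HKLM, is the pattern worth investigating.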


cosinus 08.03.2012 23:16

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Custom scan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
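
The /md5start ... /md5stop section of that custom scan hashes the logon binaries (wininit.exe, userinit.exe, winlogon.exe) and the storage drivers that rootkits of the time patched in place (TDL3, for instance, overwrote atapi.sys), so that the helper can compare the hashes with known-good values. The following is an added example, not part of the thread and not OTL's own code (Oldtimer's hash database is not public); it does the same from PowerShell and additionally records the Authenticode verdict of each file. Assumed: Windows 7 or later, PowerShell 2.0+, started as the 64-bit PowerShell with admin rights on an x64 system; the file list is copied from the OTL script above, everything else is mine.

```powershell
# Added example, not from the thread and not OTL's code: a PowerShell stand-in
# for OTL's /md5start ... /md5stop list. For every listed file that exists it
# records size, last-write time, MD5 and the Authenticode verdict, so that a
# binary patched in place stands out.
# Assumptions: Windows 7 or later, PowerShell 2.0+, run elevated from the
# 64-bit PowerShell on x64 (a 32-bit host would be redirected to SysWOW64).

# File list copied from the OTL custom scan above.
$Targets = @(
    'wininit.exe','userinit.exe','eventlog.dll','scecli.dll','netlogon.dll',
    'cngaudit.dll','ws2ifsl.sys','sceclt.dll','ntelogon.dll','winlogon.exe',
    'logevent.dll','user32.dll','iaStor.sys','nvstor.sys','atapi.sys',
    'IdeChnDr.sys','viasraid.sys','AGP440.sys','vaxscsi.sys','nvatabus.sys',
    'viamraid.sys','nvata.sys','nvgts.sys','iastorv.sys','ViPrt.sys',
    'eNetHook.dll','ahcix86.sys','KR10N.sys','nvstor32.sys','ahcix86s.sys'
)

# Where to look: the native System32, its drivers folder and, on x64, the
# 32-bit copies under SysWOW64 (the O20 lines of the OTL log list both).
$Roots = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")
if (Test-Path "$env:SystemRoot\SysWOW64") { $Roots += "$env:SystemRoot\SysWOW64" }

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '').ToLower()
}

function Get-SystemFileReport {
    foreach ($root in $Roots) {
        foreach ($name in $Targets) {
            $path = Join-Path $root $name
            # Most of the storage drivers only exist for the hardware they serve.
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $file = Get-Item -LiteralPath $path
            $sig  = Get-AuthenticodeSignature -FilePath $path
            New-Object PSObject -Property @{
                Path      = $path
                Size      = $file.Length
                Modified  = $file.LastWriteTime
                MD5       = Get-Md5Hex $path
                Signature = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            }
        }
    }
}

$report = Get-SystemFileReport
$report | Sort-Object Path | Format-Table Signature, Size, Modified, MD5, Path -AutoSize

# Worth a closer look on their own: an embedded signature that no longer
# matches the file, or a signer other than Microsoft (vendor-signed storage
# drivers are expected, but confirm the vendor matches the hardware).
$report | Where-Object { $_.Signature -eq 'HashMismatch' -or
                         ($_.Signer -ne '' -and $_.Signer -notmatch 'Microsoft') } |
    ForEach-Object { Write-Warning ("Inspect {0}: {1} {2}" -f $_.Path, $_.Signature, $_.Signer) }
```

One caveat for Windows 7: the Microsoft system binaries in this list carry no embedded signature there (they are signed through catalog files, which Get-AuthenticodeSignature on that platform does not consult), so NotSigned on wininit.exe or userinit.exe is normal. What decides the case is the MD5 and size compared against a clean installation of the same build, or `sfc /verifyonly`; HashMismatch on a file that does carry an embedded signature is always a finding.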


medico 10.03.2012 12:59

I can only send the report as an attachment, and only part of it.

The rest of the attachment is here:

Code:

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001..\Run: [AutoStart-Manager 2006] C:\Program Files (x86)\Tools&More\Autostart-Manager\AutoStart-Manager.exe (Wirth New Media Sarl )
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\v1.3\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\v1.3\SecureBanking.exe (Secure Banking)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-775227719-1777431515-2653404987-501..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20F130E6-D7BD-4225-A82C-168B851A9B7B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0EA15C1-C840-4214-AB96-A1EFDE080614}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4E56C8D-6D85-4C3E-A324-7D00022F8D22}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk - C:\PROGRA~2\AIRMOU~1\AIRMOU~1\AIRMOU~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk - C:\PROGRA~2\COMMON~1\AVERME~1\AVERQU~1\AVERHI~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk - C:\PROGRA~2\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Medico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup_9.0.0.722_14.04.2011_20-50.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Medico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe tray agent 2011.lnk -  - File not found
MsConfig:64bit - StartUpReg: Aim - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: Comrade.exe - hkey= - key= - C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Duden Korrektor SysTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iolo Startup - hkey= - key= - C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe ()
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.


========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: ioloSystemService - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ioloSystemService - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 23:13:05 | 000,000,000 | ---D | C] -- C:\Users\Medico\AppData\Roaming\gnupg
[2012.03.06 22:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.05 20:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.03.05 18:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2012.02.26 20:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.02.26 20:20:33 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.02.26 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012.02.26 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
[2012.02.26 16:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2012.02.26 10:39:54 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.02.24 23:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.24 23:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.02.24 22:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.02.21 12:31:48 | 002,135,552 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2012.02.21 12:31:45 | 002,077,184 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2012.02.21 01:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.02.19 17:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.02.19 17:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.02.19 16:03:28 | 000,023,464 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\ElRawDsk.sys
[2012.02.19 16:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
[2012.02.19 16:02:40 | 000,091,136 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\IncContxMenu.dll
[2012.02.19 16:02:25 | 000,015,360 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2012.02.19 16:02:24 | 000,046,080 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2012.02.19 16:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2012.02.19 15:55:38 | 000,000,000 | ---D | C] -- C:\Users\Medico\AppData\Roaming\iolo
[2012.02.19 15:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012.02.16 00:37:19 | 000,000,000 | ---D | C] -- C:\Users\Medico\AppData\Roaming\Malwarebytes
[2012.02.16 00:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.16 00:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.16 00:36:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.16 00:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.02 23:06:17 | 017,143,210 | ---- | C] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
[100 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.10 12:11:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.10 11:58:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.10 11:04:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 11:04:46 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.10 10:55:34 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.03.10 10:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.10 10:53:32 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.08 23:14:15 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.03.08 23:14:14 | 002,308,096 | ---- | M] () -- C:\Windows\SysNative\jscript9.dll
[2012.03.08 23:14:14 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll
[2012.03.08 23:14:14 | 000,163,840 | ---- | M] () -- C:\Windows\SysNative\ieakui.dll
[2012.03.08 23:14:14 | 000,114,176 | ---- | M] () -- C:\Windows\SysNative\admparse.dll
[2012.03.08 23:14:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.03.08 23:14:14 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\mshta.exe
[2012.03.08 22:13:58 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.08 19:36:19 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.08 19:36:19 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.05 20:42:55 | 000,000,000 | ---- | M] () -- C:\Users\Medico\defogger_reenable
[2012.02.26 20:20:50 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.02.26 20:20:34 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012.02.26 17:03:43 | 553,785,881 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.26 16:40:30 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Autostart-Manager 2006.lnk
[2012.02.26 10:39:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.02.23 17:49:07 | 000,001,262 | ---- | M] () -- C:\Users\Medico\Desktop\Spybot - Search & Destroy.lnk
[2012.02.23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.02.23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.02.23 17:23:10 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.02.23 17:12:43 | 000,817,496 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.02.23 17:12:42 | 000,335,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.02.23 17:11:04 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.02.23 17:10:43 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.02.23 17:10:38 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.02.23 17:10:19 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.02.22 21:46:22 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\yaduktlx.sys
[2012.02.21 12:31:52 | 000,002,223 | ---- | M] () -- C:\Users\Medico\Desktop\System Mechanic.lnk
[2012.02.21 11:15:39 | 000,000,386 | ---- | M] () -- C:\Windows\SysWow64\ioloBootDefrag.cfg
[2012.02.21 01:23:28 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.19 17:29:49 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.02.19 15:55:51 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll
[2012.02.16 13:15:47 | 000,455,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.16 01:45:30 | 001,557,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.16 01:45:30 | 000,668,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.16 01:45:30 | 000,627,786 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.16 01:45:30 | 000,135,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.16 01:45:30 | 000,111,364 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.16 00:36:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[100 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.10 10:55:34 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.03.08 23:14:15 | 017,790,464 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2012.03.08 23:14:15 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.03.08 23:14:14 | 002,308,096 | ---- | C] () -- C:\Windows\SysNative\jscript9.dll
[2012.03.08 23:14:14 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2012.03.08 23:14:14 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2012.03.08 23:14:14 | 000,114,176 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2012.03.08 23:14:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.03.08 23:14:14 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2012.03.05 20:40:40 | 000,000,000 | ---- | C] () -- C:\Users\Medico\defogger_reenable
[2012.02.26 20:20:50 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012.02.26 16:40:30 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Autostart-Manager 2006.lnk
[2012.02.24 22:11:21 | 553,785,881 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.02.23 20:00:21 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012.02.22 21:46:21 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\yaduktlx.sys
[2012.02.21 01:23:28 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.19 17:29:49 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.02.19 16:04:33 | 000,000,386 | ---- | C] () -- C:\Windows\SysWow64\ioloBootDefrag.cfg
[2012.02.19 16:02:51 | 000,002,223 | ---- | C] () -- C:\Users\Medico\Desktop\System Mechanic.lnk
[2012.02.19 15:55:51 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.02.16 00:36:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.06.10 23:38:31 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{3166108E-828C-47C6-AB03-041022BA93FB}
[2011.06.03 15:33:43 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{1218B187-6CFC-4BFD-AC41-6A84FA68BD90}
[2011.06.03 10:46:20 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{07DBA7D4-7535-4FCE-9946-9B7CE3C54D5D}
[2011.06.02 23:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{90C8A9EE-7C11-4FD8-B742-B2DA53431435}
[2011.05.18 22:15:09 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix108.dll
[2011.05.18 22:15:00 | 000,000,410 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011.05.18 22:14:10 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.05.18 22:14:10 | 000,000,740 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011.04.25 22:51:41 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.25 22:51:41 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.14 19:06:49 | 000,000,137 | ---- | C] () -- C:\ProgramData\avalon2.2.ini
[2011.04.14 19:06:36 | 000,219,136 | ---- | C] () -- C:\Windows\sqlite3_engine.dll
[2011.04.14 19:06:33 | 000,340,992 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.31 15:26:13 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.08.03 17:06:03 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.08.03 17:06:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.05.07 06:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.05.07 06:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.05.07 06:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.05.07 06:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.04.24 00:35:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.24 00:35:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.03.13 21:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2010.03.13 21:43:30 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2010.03.13 21:43:30 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2010.03.13 21:43:02 | 000,598,016 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2010.03.13 21:43:02 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2010.03.13 21:43:02 | 000,290,816 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2010.03.13 21:43:02 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2010.03.13 21:43:02 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2010.03.13 21:43:02 | 000,225,280 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2010.03.13 21:43:02 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll
 
========== LOP Check ==========
 
[2011.03.02 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\26337
[2011.04.11 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Canneverbe Limited
[2011.04.17 17:56:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Canon
[2010.07.19 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.13 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\FileZilla
[2011.03.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\GetRightToGo
[2012.03.10 11:02:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\go
[2012.02.19 16:28:23 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\iolo
[2011.12.01 22:36:19 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\JonDo
[2010.05.11 18:40:43 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Notepad++
[2010.09.05 20:03:46 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2011.04.26 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2010.05.29 00:00:32 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PC Suite
[2012.02.19 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PMCallCenter
[2011.07.23 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PROject MT
[2011.07.23 14:58:13 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PROMT
[2010.05.29 00:00:39 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Samsung
[2010.11.26 16:10:08 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TeamViewer
[2010.04.28 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Template
[2011.11.23 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird
[2012.02.27 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TrueCrypt
[2011.07.26 09:35:44 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WFDS
[2010.08.10 00:05:01 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Wimpomat2
[2012.01.17 00:02:27 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WIPE
[2009.12.03 22:42:42 | 000,000,000 | -HSD | M] -- C:\Users\Medico\AppData\Roaming\.#
[2010.08.08 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\acccore
[2009.12.28 01:38:56 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\FileZilla
[2009.11.26 14:06:40 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\GameConsole
[2012.03.07 23:13:05 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\gnupg
[2012.02.19 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\iolo
[2011.06.12 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\JonDo
[2011.08.22 16:23:13 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\OpenCandy
[2010.01.15 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Opera
[2010.06.19 12:47:21 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\PC Suite
[2010.05.28 23:57:02 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Samsung
[2009.12.01 18:23:18 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\TeamViewer
[2010.01.24 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Thunderbird
[2009.12.29 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Trillian
[2011.04.16 11:47:02 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\WFDS
[2011.04.14 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\WIPE
[2010.04.30 19:45:57 | 000,000,000 | ---D | M] -- C:\Users\sdasd\AppData\Roaming\Notepad++
[2010.03.13 13:10:44 | 000,000,000 | ---D | M] -- C:\Users\sdasd\AppData\Roaming\Opera
[2010.05.18 17:10:23 | 000,000,000 | ---D | M] -- C:\Users\sdasd\AppData\Roaming\Template
[2012.03.06 21:13:59 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.03 22:42:42 | 000,000,000 | -HSD | M] -- C:\Users\Medico\AppData\Roaming\.#
[2010.08.08 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\acccore
[2010.07.19 19:42:14 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Adobe
[2009.12.24 16:02:32 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Ahead
[2011.12.12 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Apple Computer
[2009.11.26 12:23:16 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\ATI
[2010.08.03 17:03:07 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\DivX
[2009.12.09 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\dvdcss
[2009.12.28 01:38:56 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\FileZilla
[2009.11.26 14:06:40 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\GameConsole
[2012.03.07 23:13:05 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\gnupg
[2009.11.26 12:26:26 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Google
[2009.11.26 12:20:46 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Identities
[2012.02.19 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\iolo
[2011.06.12 21:06:42 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\JonDo
[2009.11.26 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Macromedia
[2012.02.16 00:37:19 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Malwarebytes
[2009.08.22 07:05:58 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Media Center Programs
[2012.01.29 15:45:16 | 000,000,000 | --SD | M] -- C:\Users\Medico\AppData\Roaming\Microsoft
[2009.11.26 12:36:00 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Mozilla
[2011.08.22 16:23:13 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\OpenCandy
[2010.01.15 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Opera
[2010.06.19 12:47:21 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\PC Suite
[2010.05.28 23:57:02 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Samsung
[2009.11.26 14:32:19 | 000,000,000 | RH-D | M] -- C:\Users\Medico\AppData\Roaming\SecuROM
[2012.02.23 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Skype
[2011.01.07 18:06:08 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\skypePM
[2009.12.01 18:23:18 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\TeamViewer
[2010.01.24 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Thunderbird
[2009.12.29 01:16:50 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\Trillian
[2011.06.12 21:13:15 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\vlc
[2011.04.16 11:47:02 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\WFDS
[2009.12.03 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\WinRAR
[2011.04.14 19:06:49 | 000,000,000 | ---D | M] -- C:\Users\Medico\AppData\Roaming\WIPE
 
< %APPDATA%\*.exe /s >
[2009.12.27 19:35:11 | 000,010,134 | R--- | M] () -- C:\Users\Medico\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2009.12.27 19:35:11 | 000,000,766 | R--- | M] () -- C:\Users\Medico\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2010.07.23 11:19:56 | 000,010,134 | R--- | M] () -- C:\Users\Medico\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.08.22 16:23:14 | 000,416,160 | ---- | M] () -- C:\Users\Medico\AppData\Roaming\OpenCandy\OpenCandy_82A335B3E98045678A61589244799DC2\LatestDLMgr.exe
[2011.08.01 23:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Medico\AppData\Roaming\OpenCandy\OpenCandy_82A335B3E98045678A61589244799DC2\pcspeedup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29

< End of report >


Regards

Medico

cosinus 10.03.2012 16:35

Zip the log and attach it => http://www.trojaner-board.de/69886-a...tml#post566999

medico 10.03.2012 17:28

Here you go.

cosinus 12.03.2012 12:52

Quote:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Are you also one of those who watch series and movies via dubious portals?
If so: hands off in future, these illegal portals spread malware, and if you want to be malware-free in future you have to switch to legal alternatives and stay away from such risky streaming sites!

medico 12.03.2012 19:22

Nonsense, I only downloaded the DivX player once for a video.
That was legal, though. Actually I can uninstall it again, the VLC player is 100 times better.

cosinus 12.03.2012 19:54

That was just a question whether you used it for that! If so, leave those streaming sites alone, they are the main entry point for Windows blockers like this!

You have also cluttered your system quite a bit with toolbars! Uninstall all of them via the Control Panel, then make a new OTL log

medico 16.03.2012 12:18

Hello, sorry for the late reply, unfortunately it wasn't possible earlier, I have uninstalled the toolbars. They still show up in the log but are gone.

I have attached the log as a zip.

Regards

Medico

cosinus 16.03.2012 17:08

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along!!!)

Code:

:OTL
PRC - [2011.11.15 21:12:35 | 000,474,097 | ---- | M] () -- C:\Users\Gast\AppData\Local\Freenet\freenet.exe
MOD - [2012.03.15 16:43:48 | 000,079,234 | ---- | M] () -- C:\Users\Gast\AppData\Local\Temp\jbigi1640407753580134094lib.tmp
MOD - [2012.03.15 16:43:47 | 000,040,960 | ---- | M] () -- C:\Users\Gast\AppData\Local\Temp\jcpuid2190056868816643762lib.tmp
MOD - [2011.11.15 21:12:35 | 000,474,097 | ---- | M] () -- C:\Users\Gast\AppData\Local\Freenet\freenet.exe
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKLM\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE355
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{88C87D8C-67A9-4708-80F2-DFFB7A4AC6C6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i226l0348z195t4821a072
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p="
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1351351&SearchSource=13"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
[2010.09.03 17:15:29 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.05.19 10:24:54 | 000,000,894 | ---- | M] () -- C:\Users\Medico\AppData\Roaming\Mozilla\Firefox\Profiles\pqc8ijdu.default\searchplugins\conduit.xml
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-1001\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-775227719-1777431515-2653404987-501\..\Toolbar\WebBrowser: (InnoGames Toolbar) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O32 - HKLM CDRom: AutoRun - 1
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Duden Korrektor SysTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2011.05.02 23:06:17 | 017,143,210 | ---- | C] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
[2011.06.10 23:38:31 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{3166108E-828C-47C6-AB03-041022BA93FB}
[2011.06.03 15:33:43 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{1218B187-6CFC-4BFD-AC41-6A84FA68BD90}
[2011.06.03 10:46:20 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{07DBA7D4-7535-4FCE-9946-9B7CE3C54D5D}
[2011.06.02 23:27:30 | 000,000,000 | ---- | C] () -- C:\Users\Medico\AppData\Local\{90C8A9EE-7C11-4FD8-B742-B2DA53431435}
[2011.03.02 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\26337
[2009.12.03 22:42:42 | 000,000,000 | -HSD | M] -- C:\Users\Medico\AppData\Roaming\.#
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
:Files
C:\Users\Gast\AppData\Local\Freenet
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after fixing, please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not deleted completely; as a precaution a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used otherwise, as it can permanently damage the system!
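As an added example (not code from this thread or from OTL itself), a small Python triage pass over entries written in OTL's line syntax: it reports search scopes and start pages pointing at a non-default host, registry entries whose CLSID or file no longer exists, and alternate data streams, which are the three kinds of items the fix script above collects. The allowlist of default search hosts and the sample entries are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Search hosts a stock IE/Firefox install may legitimately point at. The set is an
# assumption for this example; anything else in a search-scope, start-page or
# prefs.js entry is reported for review, not declared malicious.
DEFAULT_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# OTL appends these markers when a registry entry references a CLSID or file
# that no longer exists (typical leftovers of an uninstalled toolbar).
ORPHAN_MARKERS = ("No CLSID value found", "File not found")

URL_RE = re.compile(r'https?://[^\s"]+')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+)$")

# Constructed sample in OTL's entry syntax, modelled on the entries in the thread.
SAMPLE_ENTRIES = r"""
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1351351&SearchSource=13"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
O2 - BHO: (InnoGames Toolbar) - {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - C:\Program Files (x86)\InnoGames\prxtbInn0.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
:Commands
[emptytemp]
""".strip().splitlines()


def classify_line(line: str) -> Optional[Tuple[str, str]]:
    """Classify one OTL entry; returns (category, detail) or None when nothing stands out."""
    line = line.rstrip()
    if not line or line.startswith((":", "[")):
        return None                      # section header (:OTL, :Commands) or command
    ads = ADS_RE.match(line)
    if ads:
        size, path, stream = ads.groups()
        return ("alternate_data_stream", f"{path} -> stream {stream} ({size} bytes)")
    if line.rstrip(".").endswith(ORPHAN_MARKERS):
        return ("orphaned_entry", line.split(" - ", 1)[-1])
    if line.startswith(("IE", "FF")):
        url = URL_RE.search(line)
        if url:
            host = urlparse(url.group(0)).hostname or ""
            if host.lower() not in DEFAULT_SEARCH_HOSTS:
                return ("unexpected_search_provider", host)
    return None


def triage(entries: List[str]) -> Dict[str, List[str]]:
    """Group findings by category so each class of entry can be reviewed together."""
    findings: Dict[str, List[str]] = {}
    for entry in entries:
        result = classify_line(entry)
        if result is not None:
            findings.setdefault(result[0], []).append(result[1])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_ENTRIES).items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Entries the pass leaves alone (the bing scope, the Canon toolbar with a present DLL) are the ones a helper would also leave out of a fix script.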

medico 16.03.2012 18:34

Done:

Code:

All processes killed
========== OTL ==========
No active process named freenet.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-775227719-1777431515-2653404987-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{88C87D8C-67A9-4708-80F2-DFFB7A4AC6C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C87D8C-67A9-4708-80F2-DFFB7A4AC6C6}\ not found.
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-775227719-1777431515-2653404987-501\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffpro&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@fileplanet.com/fpdlm\ deleted successfully.
C:\Program Files (x86)\Download Manager\npfpdlm.dll moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\searchplugin folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\META-INF folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\lib folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\defaults folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\chrome folder moved successfully.
C:\Users\Medico\AppData\Roaming\mozilla\Firefox\Profiles\pqc8ijdu.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} folder moved successfully.
C:\Users\Medico\AppData\Roaming\Mozilla\Firefox\Profiles\pqc8ijdu.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7478D43-2BD5-4844-98B8-C2A6AA9ED677}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn deleted successfully.
0 moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption deleted successfully.
File 0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
File 0 not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivX Download Manager\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Duden Korrektor SysTray\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpybotSD TeaTimer\ not found.
C:\ProgramData\JonDoFox.paf.exe moved successfully.
C:\Users\Medico\AppData\Local\{3166108E-828C-47C6-AB03-041022BA93FB} moved successfully.
C:\Users\Medico\AppData\Local\{1218B187-6CFC-4BFD-AC41-6A84FA68BD90} moved successfully.
C:\Users\Medico\AppData\Local\{07DBA7D4-7535-4FCE-9946-9B7CE3C54D5D} moved successfully.
C:\Users\Medico\AppData\Local\{90C8A9EE-7C11-4FD8-B742-B2DA53431435} moved successfully.
C:\Users\Gast\AppData\Roaming\26337 folder moved successfully.
C:\Users\Medico\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:1D32EC29 deleted successfully.
========== FILES ==========
C:\Users\Gast\AppData\Local\Freenet\wrapper folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\updater folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\temp folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\plugins folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\persistent-temp-8311 folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\logs folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\licenses folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\extra-peer-data-8311 folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\downloads folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet\datastore folder moved successfully.
C:\Users\Gast\AppData\Local\Freenet folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 412372846 bytes
->Temporary Internet Files folder emptied: 73516731 bytes
->Java cache emptied: 9915 bytes
->FireFox cache emptied: 76279543 bytes
->Google Chrome cache emptied: 216306131 bytes
->Opera cache emptied: 3791004 bytes
->Flash cache emptied: 16394 bytes
 
User: Medico
->Temp folder emptied: 31823839 bytes
->Temporary Internet Files folder emptied: 15472975 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 11644509 bytes
->Google Chrome cache emptied: 14774873 bytes
->Opera cache emptied: 220566 bytes
->Flash cache emptied: 13558 bytes
 
User: Public
 
User: sdasd
->Temp folder emptied: 145628058 bytes
->Temporary Internet Files folder emptied: 428894913 bytes
->FireFox cache emptied: 79467284 bytes
->Opera cache emptied: 925299 bytes
->Flash cache emptied: 3132 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 173499904 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245565657 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045668 bytes
RecycleBin emptied: 11389565 bytes
 
Total Files Cleaned = 1.886,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.2 log created on 03162012_181739

Files\Folders moved on Reboot...
File move failed. C:\Users\Gast\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\temp\dbloomfLeA4c moved successfully.
File\Folder C:\Windows\temp\fb_2308.lck not found!

Registry entries deleted on Reboot...


cosinus 16.03.2012 19:11

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the image below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
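A defender-side triage helper for the TDSS-Killer report requested above, written as an added example for this thread (it is neither TDSSKiller's code nor anything posted by the participants). It assumes the line format of the report posted later in the thread (timestamp, PID, object name, MD5 in parentheses, path, then a separate "name - verdict" line) and runs on constructed sample lines that include an invented placeholder entry with a non-"ok" verdict.

```python
"""Triage a Kaspersky TDSSKiller report: list every scanned object and flag
those whose verdict is not "ok" (or that never received a verdict).

Assumed line format (taken from the report shown in this thread):
    HH:MM:SS.ffff PID   Name   (md5) path
    HH:MM:SS.ffff PID   Name - verdict
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Object line: timestamp, pid, name, 32-hex MD5 in parentheses, then the path.
OBJECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: same prefix, then "name - verdict".
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+"
    r"(?P<verdict>.+?)\s*$"
)


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # None if the report never gave one


def parse_report(text: str) -> List[ScannedObject]:
    """Pair each object line with its verdict line, in report order."""
    by_name: Dict[str, ScannedObject] = {}
    order: List[ScannedObject] = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            obj = ScannedObject(m["name"], m["md5"].lower(), m["path"])
            by_name[m["name"]] = obj
            order.append(obj)
            continue
        m = VERDICT_RE.match(line)
        if m:
            # A verdict without a preceding object line still counts as an object.
            obj = by_name.get(m["name"])
            if obj is None:
                obj = ScannedObject(m["name"])
                by_name[m["name"]] = obj
                order.append(obj)
            obj.verdict = m["verdict"]
    return order


def flagged(objects: List[ScannedObject]) -> List[ScannedObject]:
    """Everything a helper would want to look at: non-"ok" or missing verdict."""
    return [o for o in objects if o.verdict is None or o.verdict.lower() != "ok"]


# Constructed sample: two lines copied from the thread's report format plus one
# invented placeholder entry (all-zero MD5, made-up path and verdict).
SAMPLE_REPORT = r"""
19:54:03.0438 4724        Scan started
19:54:03.0438 4724        Mode: Manual; SigCheck; TDLFS;
19:54:05.0838 4724        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:54:06.0218 4724        1394ohci - ok
19:54:07.0240 4724        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:54:07.0260 4724        ACPI - ok
19:54:08.0000 4724        placeholdersvc  (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\placeholder.sys
19:54:08.0100 4724        placeholdersvc - suspicious (constructed placeholder verdict)
"""

if __name__ == "__main__":
    objs = parse_report(SAMPLE_REPORT)
    print(f"{len(objs)} objects scanned")
    for o in flagged(objs):
        print(f"REVIEW: {o.name} md5={o.md5} path={o.path} verdict={o.verdict}")
```

Nothing here deletes anything; it only tells you which report entries deserve a closer look, matching the "skip and post the log" advice above.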

medico 16.03.2012 20:00

1 object found:

Code:

19:53:44.0037 4140        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:53:44.0881 4140        ============================================================
19:53:44.0881 4140        Current date / time: 2012/03/16 19:53:44.0881
19:53:44.0881 4140        SystemInfo:
19:53:44.0881 4140       
19:53:44.0882 4140        OS Version: 6.1.7600 ServicePack: 0.0
19:53:44.0882 4140        Product type: Workstation
19:53:44.0882 4140        ComputerName: MEDICO-PC
19:53:44.0882 4140        UserName: Medico
19:53:44.0882 4140        Windows directory: C:\Windows
19:53:44.0882 4140        System windows directory: C:\Windows
19:53:44.0882 4140        Running under WOW64
19:53:44.0882 4140        Processor architecture: Intel x64
19:53:44.0882 4140        Number of processors: 2
19:53:44.0882 4140        Page size: 0x1000
19:53:44.0882 4140        Boot type: Normal boot
19:53:44.0882 4140        ============================================================
19:53:46.0434 4140        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:53:46.0440 4140        \Device\Harddisk0\DR0:
19:53:46.0440 4140        MBR used
19:53:46.0440 4140        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
19:53:46.0440 4140        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
19:53:46.0519 4140        Initialize success
19:53:46.0519 4140        ============================================================
19:54:03.0438 4724        ============================================================
19:54:03.0438 4724        Scan started
19:54:03.0438 4724        Mode: Manual; SigCheck; TDLFS;
19:54:03.0438 4724        ============================================================
19:54:05.0838 4724        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:54:06.0218 4724        1394ohci - ok
19:54:06.0320 4724        94349651        (6c5461eeb3ffa1b1dcf9a07f8c3b3afe) C:\Windows\system32\DRIVERS\94349651.sys
19:54:07.0068 4724        94349651 - ok
19:54:07.0180 4724        94349652        (3ec7dfda521b4fb22ce9f76df15db099) C:\Windows\system32\DRIVERS\94349652.sys
19:54:07.0190 4724        94349652 - ok
19:54:07.0240 4724        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:54:07.0260 4724        ACPI - ok
19:54:07.0382 4724        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:54:07.0472 4724        AcpiPmi - ok
19:54:07.0602 4724        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:07.0632 4724        adp94xx - ok
19:54:07.0754 4724        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:54:07.0784 4724        adpahci - ok
19:54:07.0794 4724        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:54:07.0814 4724        adpu320 - ok
19:54:07.0966 4724        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:54:08.0086 4724        AFD - ok
19:54:08.0306 4724        AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
19:54:08.0416 4724        AgereSoftModem - ok
19:54:08.0536 4724        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:54:08.0556 4724        agp440 - ok
19:54:08.0566 4724        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:54:08.0591 4724        aliide - ok
19:54:08.0618 4724        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:54:08.0638 4724        amdide - ok
19:54:08.0648 4724        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:54:08.0688 4724        AmdK8 - ok
19:54:08.0828 4724        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:54:08.0868 4724        AmdPPM - ok
19:54:08.0948 4724        amdsata        (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
19:54:08.0978 4724        amdsata - ok
19:54:09.0068 4724        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:09.0088 4724        amdsbs - ok
19:54:09.0158 4724        amdxata        (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
19:54:09.0168 4724        amdxata - ok
19:54:09.0258 4724        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:54:09.0378 4724        AppID - ok
19:54:09.0508 4724        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:54:09.0528 4724        arc - ok
19:54:09.0538 4724        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:54:09.0558 4724        arcsas - ok
19:54:09.0608 4724        aswFsBlk        (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
19:54:09.0620 4724        aswFsBlk - ok
19:54:09.0780 4724        aswMonFlt      (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
19:54:09.0800 4724        aswMonFlt - ok
19:54:09.0950 4724        aswRdr          (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
19:54:09.0970 4724        aswRdr - ok
19:54:10.0050 4724        aswSnx          (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
19:54:10.0090 4724        aswSnx - ok
19:54:10.0282 4724        aswSP          (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
19:54:10.0342 4724        aswSP - ok
19:54:10.0472 4724        aswTdi          (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
19:54:10.0492 4724        aswTdi - ok
19:54:10.0512 4724        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:10.0682 4724        AsyncMac - ok
19:54:10.0794 4724        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:54:10.0814 4724        atapi - ok
19:54:10.0936 4724        athr            (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
19:54:11.0158 4724        athr - ok
19:54:11.0278 4724        AtiHdmiService  (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
19:54:11.0298 4724        AtiHdmiService - ok
19:54:11.0448 4724        atikmdag        (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
19:54:11.0722 4724        atikmdag - ok
19:54:11.0834 4724        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:54:11.0854 4724        AtiPcie - ok
19:54:11.0934 4724        AVerAF15DMBTH64 (31f7096ab90f28b884b24ff1d75175dd) C:\Windows\system32\Drivers\AVerAF15DMBTH64.sys
19:54:12.0014 4724        AVerAF15DMBTH64 - ok
19:54:12.0134 4724        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:12.0244 4724        b06bdrv - ok
19:54:12.0366 4724        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:12.0426 4724        b57nd60a - ok
19:54:12.0576 4724        BCM43XX        (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:54:12.0656 4724        BCM43XX - ok
19:54:12.0778 4724        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:54:12.0848 4724        Beep - ok
19:54:13.0030 4724        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:13.0080 4724        blbdrive - ok
19:54:13.0140 4724        BlueletAudio    (44582f5543fd48afbe20e9d9287db0c0) C:\Windows\system32\DRIVERS\blueletaudio.sys
19:54:13.0170 4724        BlueletAudio - ok
19:54:13.0260 4724        BlueletSCOAudio (7e40dfb0cb6dd07eb63cf6f8c67c0962) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
19:54:13.0280 4724        BlueletSCOAudio - ok
19:54:13.0320 4724        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:54:13.0400 4724        bowser - ok
19:54:13.0510 4724        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:13.0580 4724        BrFiltLo - ok
19:54:13.0782 4724        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:13.0812 4724        BrFiltUp - ok
19:54:13.0832 4724        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:54:13.0902 4724        Brserid - ok
19:54:14.0032 4724        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:14.0072 4724        BrSerWdm - ok
19:54:14.0082 4724        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:14.0122 4724        BrUsbMdm - ok
19:54:14.0254 4724        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:14.0304 4724        BrUsbSer - ok
19:54:14.0354 4724        BT              (0f890e854fcbe98f4574acc6423fccef) C:\Windows\system32\DRIVERS\btnetdrv.sys
19:54:14.0374 4724        BT - ok
19:54:14.0514 4724        Btcsrusb        (e0c1e6b70e0c626b37e643b799e434f3) C:\Windows\system32\Drivers\btcusb.sys
19:54:14.0534 4724        Btcsrusb - ok
19:54:14.0574 4724        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:54:14.0644 4724        BthEnum - ok
19:54:14.0766 4724        BTHidEnum      (e49a371185d5e79c103765da93856ee1) C:\Windows\system32\Drivers\vbtenum.sys
19:54:14.0786 4724        BTHidEnum - ok
19:54:14.0826 4724        BTHidMgr        (8fa060b557c7de309d2d5c16c3da2ef6) C:\Windows\system32\Drivers\BTHidMgr.sys
19:54:14.0846 4724        BTHidMgr - ok
19:54:14.0976 4724        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:15.0026 4724        BTHMODEM - ok
19:54:15.0096 4724        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:54:15.0136 4724        BthPan - ok
19:54:15.0306 4724        BTHPORT        (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
19:54:15.0356 4724        BTHPORT - ok
19:54:15.0526 4724        BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
19:54:15.0576 4724        BTHUSB - ok
19:54:15.0736 4724        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:54:15.0816 4724        cdfs - ok
19:54:15.0835 4724        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:54:15.0858 4724        cdrom - ok
19:54:15.0868 4724        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:54:15.0888 4724        circlass - ok
19:54:15.0938 4724        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:54:15.0978 4724        CLFS - ok
19:54:16.0110 4724        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:16.0160 4724        CmBatt - ok
19:54:16.0200 4724        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:54:16.0210 4724        cmdide - ok
19:54:16.0260 4724        CNG            (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:54:16.0300 4724        CNG - ok
19:54:16.0422 4724        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:54:16.0432 4724        Compbatt - ok
19:54:16.0442 4724        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:54:16.0502 4724        CompositeBus - ok
19:54:16.0512 4724        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:54:37.0912 4724        StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:54:37.0912 4724        StarOpen - detected UnsignedFile.Multi.Generic (1)
19:54:45.0448 4724        ============================================================
19:54:45.0448 4724        Scan finished
19:54:45.0448 4724        ============================================================
19:54:45.0468 4704        Detected object count: 1
19:54:45.0468 4704        Actual detected object count: 1
19:55:07.0068 4704        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:07.0068 4704        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

Probably from CDBurnerXP, right?

cosinus 16.03.2012 21:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

medico 16.03.2012 22:27

Here you go!

Code:

ComboFix 12-03-16.03 - Medico 16.03.2012  21:33:17.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4094.2738 [GMT 1:00]
ausgeführt von:: c:\users\Gast\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Gast\install64.exe
c:\users\Gast\OTL.exe
c:\users\Gast\videos\PROMT9_Professional_EngGer_EGE.exe
c:\users\Gast\VobSub_2.23.exe
c:\windows\SysWow64\pthreadVC.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-16 bis 2012-03-16  ))))))))))))))))))))))))))))))
.
.
2012-03-16 20:44 . 2012-03-16 20:44        --------        d-----w-        c:\users\sdasd\AppData\Local\temp
2012-03-16 20:44 . 2012-03-16 20:44        --------        d-----w-        c:\users\Medico\AppData\Local\temp
2012-03-16 20:44 . 2012-03-16 20:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-16 18:45 . 2012-03-16 18:45        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25FE9BF2-95AD-461A-B3E6-16FDE1AD820B}\offreg.dll
2012-03-16 17:17 . 2012-03-16 17:17        --------        d-----w-        C:\_OTL
2012-03-16 09:47 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{25FE9BF2-95AD-461A-B3E6-16FDE1AD820B}\mpengine.dll
2012-03-14 23:21 . 2011-11-19 18:30        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 23:21 . 2011-11-19 14:25        3957616        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 23:21 . 2011-11-19 14:25        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:06 . 2012-02-03 04:16        3143168        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 12:06 . 2012-02-10 06:18        1541120        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 12:06 . 2012-02-10 05:41        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 12:06 . 2012-02-10 06:17        320512        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-03-14 12:06 . 2012-02-10 05:41        218624        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 12:06 . 2012-02-10 06:17        1837568        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-03-14 12:06 . 2012-02-10 05:41        1170944        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2012-03-14 12:06 . 2012-02-10 06:17        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-14 12:06 . 2012-02-10 05:41        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-03-14 12:06 . 2012-02-10 06:17        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-03-14 12:06 . 2012-02-10 05:41        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2012-03-14 11:55 . 2012-01-25 06:20        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:55 . 2012-01-25 06:27        76288        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 11:55 . 2012-01-25 06:27        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:54 . 2012-02-15 06:27        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 11:54 . 2012-02-15 05:44        826368        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:54 . 2012-02-15 04:47        204800        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:54 . 2012-02-15 04:46        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-13 10:20 . 2012-03-13 10:20        --------        d-----w-        c:\windows\Options
2012-03-10 09:51 . 2012-03-10 09:51        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2012-03-10 09:51 . 2012-03-10 09:51        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-03-07 22:13 . 2012-03-12 20:06        --------        d-----w-        c:\users\Medico\AppData\Roaming\gnupg
2012-03-06 21:46 . 2012-03-06 21:46        --------        d-----w-        c:\program files (x86)\ESET
2012-03-05 19:09 . 2012-03-05 19:09        388096        ----a-r-        c:\users\Gast\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-05 19:09 . 2012-03-05 19:09        --------        d-----w-        c:\program files (x86)\Trend Micro
2012-03-05 17:07 . 2012-03-05 17:07        --------        d-----w-        c:\program files (x86)\Secure Banking
2012-03-03 17:52 . 2012-03-03 20:33        --------        d-----w-        c:\users\Gast\AppData\Local\Vidalia
2012-02-26 19:21 . 2012-02-27 13:12        --------        d-----w-        c:\users\Gast\AppData\Roaming\TrueCrypt
2012-02-26 19:20 . 2012-02-26 19:20        231376        ----a-w-        c:\windows\system32\drivers\truecrypt.sys
2012-02-26 19:19 . 2012-02-26 19:24        --------        d-----w-        c:\program files\TrueCrypt
2012-02-26 15:40 . 2012-02-26 15:40        --------        d-----w-        c:\program files (x86)\Tools&More
2012-02-26 09:39 . 2012-02-23 16:11        53080        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-02-24 22:53 . 2012-02-24 22:53        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-02-24 22:53 . 2012-02-24 22:52        476904        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-24 21:55 . 2012-02-24 21:57        --------        d-----w-        c:\program files\Oracle
2012-02-24 21:54 . 2011-11-08 18:40        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-02-24 21:54 . 2011-11-08 18:40        660368        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-23 19:00 . 2011-10-17 17:17        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2012-02-22 20:46 . 2012-02-22 20:46        61440        ----a-w-        c:\windows\SysWow64\drivers\yaduktlx.sys
2012-02-21 11:31 . 2012-01-26 10:54        2135552        ----a-w-        c:\windows\system32\Incinerator64.dll
2012-02-21 11:31 . 2012-01-26 10:54        2077184        ----a-w-        c:\windows\SysWow64\Incinerator32.dll
2012-02-19 16:29 . 2012-02-19 16:29        --------        d-----w-        c:\program files\Recuva
2012-02-19 15:28 . 2012-02-19 15:28        --------        d-----w-        c:\users\Gast\AppData\Roaming\iolo
2012-02-19 15:03 . 2008-12-09 09:59        23464        ----a-w-        c:\windows\system32\drivers\ElRawDsk.sys
2012-02-19 15:02 . 2010-09-23 12:29        511328        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-02-19 15:02 . 2011-04-04 15:38        91136        ----a-w-        c:\windows\system32\IncContxMenu.dll
2012-02-19 15:02 . 2012-01-26 10:40        15360        ----a-w-        c:\windows\system32\smrgdf.exe
2012-02-19 15:02 . 2012-01-26 10:41        46080        ----a-w-        c:\windows\system32\iolobtdfg.exe
2012-02-19 15:01 . 2010-02-08 22:36        69000        ----a-w-        c:\windows\system32\offreg.dll
2012-02-19 15:01 . 2010-02-08 21:59        56200        ----a-w-        c:\windows\SysWow64\offreg.dll
2012-02-19 15:01 . 2012-02-19 15:01        --------        d-----w-        c:\program files (x86)\iolo
2012-02-19 14:55 . 2012-02-19 14:55        74703        ----a-w-        c:\windows\SysWow64\mfc45.dll
2012-02-19 14:55 . 2012-02-22 19:39        --------        d-----w-        c:\programdata\iolo
2012-02-19 14:55 . 2012-02-19 15:18        --------        d-----w-        c:\users\Medico\AppData\Roaming\iolo
2012-02-16 13:40 . 2012-02-16 13:40        --------        d-----w-        c:\users\Gast\AppData\Roaming\Malwarebytes
2012-02-15 23:37 . 2012-02-15 23:37        --------        d-----w-        c:\users\Medico\AppData\Roaming\Malwarebytes
2012-02-15 23:36 . 2012-02-15 23:36        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-15 23:36 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-15 23:36 . 2012-02-15 23:37        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 22:52 . 2011-06-20 00:22        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-02-23 16:23 . 2010-11-24 14:06        41184        ----a-w-        c:\windows\avastSS.scr
2012-02-23 16:23 . 2010-11-24 14:06        201352        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-02-23 16:23 . 2011-01-21 17:51        258520        ----a-w-        c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-04-11 19:32        817496        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2010-11-24 14:07        335704        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2010-11-24 14:07        59224        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2010-11-24 14:07        69976        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2010-11-24 14:07        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2009-11-26 21:24        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-04 09:58 . 2012-02-15 09:34        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 09:34        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 09:34        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 09:34        478208        ----a-w-        c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 09:33        499200        ----a-w-        c:\windows\system32\drivers\afd.sys
2010-01-24 11:32 . 2010-01-24 11:32        8840816        ----a-w-        c:\program files\Thunderbird Setup 3.0.1.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-08 22:14 . 95EB6A01C0A4CB9514EE30768A5379BA . 17790464 . . [------] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll
[7] 2011-12-16 . A668888B8AA45E8C21A451A936B589A2 . 9019904 . . [8.00.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_8c02f34aafe34bfb\mshtml.dll
[7] 2011-12-16 . 7F821BED26D263F3853C6AAA62DF5B43 . 9335296 . . [8.00.7600.16930] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_8a236508b2b85ec2\mshtml.dll
[7] 2011-12-16 . 3B3CBA1C6F0F83ED1B869C66EA31E36E . 9019392 . . [8.00.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_8c702179c915a4f4\mshtml.dll
[7] 2011-12-16 . 0FBD1ED7A6B4F15B767A9AEF12E4C135 . 9338368 . . [8.00.7600.21108] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_8ad54c09cbb6a8b3\mshtml.dll
[-] 2012-03-08 22:14 . 95EB6A01C0A4CB9514EE30768A5379BA . 17790464 . . [------] .. c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart-Manager 2006"="c:\program files (x86)\Tools&More\Autostart-Manager\AutoStart-Manager.exe" [2005-12-23 397312]
"SecureBanking"="c:\program files (x86)\Secure Banking\v1.3\SecureBanking.exe" [2012-02-13 258048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-02-23 4031368]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GNUnet;GNUnet;c:\program files (x86)\GNU\GNUnet\bin\gnunetd.exe [2010-02-23 12288]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-26 722616]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-27 2152152]
R3 AVerAF15DMBTH64;AVerMedia A850 USB;c:\windows\system32\Drivers\AVerAF15DMBTH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 135664]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x]
S0 94349652;94349652 Boot Guard Driver;c:\windows\system32\DRIVERS\94349652.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 94349651;94349651;c:\windows\system32\DRIVERS\94349651.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 setup_9.0.0.722_14.04.2011_20-50drv;setup_9.0.0.722_14.04.2011_20-50drv;c:\windows\system32\DRIVERS\9434965.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-01 119632]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-01-26 722616]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-01 20568]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 37280981
*Deregistered* - 37280981
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 21:52]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 21:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23        135408        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Medico\AppData\Roaming\Mozilla\Firefox\Profiles\pqc8ijdu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c3,ba,2a,14,76,5c,f9,70,ba,8d,e3,ec,da,42,86,f1,ee,b4,a6,96,e2,
  5d,6f,2b,d5,09,94,30,5f,cb,a6,0c,73,52,52,62,35,f9,c6,bd,ef,bc,79,c1,69,54,\
"rkeysecu"=hex:ab,c8,d4,b3,7f,96,cb,e9,cd,19,35,13,59,9c,81,f5
.
[HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,84,85,d5,0a,f0,ff,45,80,d4,ee,5c,26,eb,be,51,1c,c7,00,c8,29,36,4a,
  cd,59,15,f3,56,f6,b1,87,34,d4,08,43,74,0b,8c,2e,c6,bc,0a,77,c9,88,c5,e0,a0,\
"??"=hex:8b,d1,ae,7c,94,b7,39,61,8e,0a,bb,ac,7b,17,5a,b8
.
[HKEY_USERS\S-1-5-21-775227719-1777431515-2653404987-501\Software\SecuROM\License information*]
"datasecu"=hex:8e,5e,63,ec,72,fe,72,ed,27,20,a9,9f,94,c1,b9,fc,76,be,b0,85,f5,
  d0,55,c7,28,64,7e,99,0a,50,c4,30,2e,d7,72,e4,99,90,2c,73,62,c1,fb,f2,9d,fc,\
"rkeysecu"=hex:04,f1,cb,4d,c9,be,51,30,fe,c2,99,a0,19,6f,d9,45
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-16  21:50:32
ComboFix-quarantined-files.txt  2012-03-16 20:50
.
Vor Suchlauf: 19 Verzeichnis(se), 82.609.102.848 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 89.698.738.176 Bytes frei
.
- - End Of File - - 3B53AF93744CECA2EA182B4C60F263D4


cosinus 17.03.2012 14:40

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: never press any of the Fix buttons without instruction. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

medico 17.03.2012 17:29

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-17 17:13:41
-----------------------------
17:13:41.226    OS Version: Windows x64 6.1.7600
17:13:41.226    Number of processors: 2 586 0x602
17:13:41.229    ComputerName: MEDICO-PC  UserName: Medico
17:13:42.084    Initialize success
17:13:45.386    AVAST engine defs: 12031700
17:13:48.676    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
17:13:48.679    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 11
17:13:48.706    Disk 0 MBR read successfully
17:13:48.709    Disk 0 MBR scan
17:13:48.711    Disk 0 Windows VISTA default MBR code
17:13:48.726    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
17:13:48.739    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24578048
17:13:48.751    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      464838 MB offset 24782848
17:13:48.796    Disk 0 scanning C:\Windows\system32\drivers
17:13:58.179    Service scanning
17:14:26.407    Modules scanning
17:14:26.414    Disk 0 trace - called modules:
17:14:26.487    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
17:14:26.817    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003da0060]
17:14:26.822    3 CLASSPNP.SYS[fffff8800174143f] -> nt!IofCallDriver -> [0xfffffa8003d90040]
17:14:26.829    5 amdxata.sys[fffff8800106b8b9] -> nt!IofCallDriver -> [0xfffffa8003d8c040]
17:14:26.837    7 ACPI.sys[fffff88000ef1781] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa8003d8c660]
17:14:28.157    AVAST engine scan C:\Windows
17:14:36.125    AVAST engine scan C:\Windows\system32
17:18:14.976    AVAST engine scan C:\Windows\system32\drivers
17:18:27.471    AVAST engine scan C:\Users\Medico
17:22:36.198    AVAST engine scan C:\ProgramData
17:24:51.039    Scan finished successfully
17:26:42.941    Disk 0 MBR has been saved successfully to "C:\Users\Gast\Desktop\MBR.dat"
17:26:42.948    The log file has been saved successfully to "C:\Users\Gast\Desktop\aswMBR.txt"


cosinus 19.03.2012 15:11

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

medico 21.03.2012 01:48

Found a virus, or rather not, since according to the system it doesn't exist.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/21/2012 at 01:33 AM

Application Version : 5.0.1146

Core Rules Database Version : 8355
Trace Rules Database Version: 6167

Scan type      : Complete Scan
Total Scan Time : 01:29:56

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned      : 585
Memory threats detected  : 0
Registry items scanned    : 72320
Registry threats detected : 0
File items scanned        : 85659
File threats detected    : 1

Adware.Tracking Cookie
        zensiert [ C:\USERS\GAST\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YE3VCMP6 ]

I've already scanned several times, and after deleting it, it always came back. I then went into the folder and tried to delete the file, which didn't work either..
Since the file supposedly no longer existed, I found out under Properties that this is a shell file, which worries me. I have 100% never been on that site. I censored the name because it has a sex-related name.

Since I basically don't visit such sites, I didn't pick it up there either. What can I do? Google doesn't say anything about the name either.

I would reinstall my system, but I have a laptop and no backup.

medico 21.03.2012 02:09

After some research: http://www.trojaner-board.de/99715-b...chsorge-3.html
The file name also appears there in a SuperAntiSpyware log.

cosinus 21.03.2012 15:18

That is NOT a virus but a cookie!
What about Malwarebytes?

medico 21.03.2012 20:21

Here:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Medico :: MEDICO-PC [Administrator]

21.03.2012 15:51:56
mbam-log-2012-03-21 (15-51-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 461905
Laufzeit: 1 Stunde(n), 51 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 22.03.2012 11:40

Quote:

Datenbank Version: v2012.03.16.03
You didn't update Malwarebytes beforehand. Please update and run a full scan.
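
As an added example (not from the thread and not Malwarebytes' own code), a small Python check for the point cosinus makes here: pull the signature database date and the scan timestamp out of a Malwarebytes 1.x log header and flag a scan that ran on signatures older than the scan itself. The sample headers are constructed from the log fields quoted in this thread; the English label "Database version" is assumed.

```python
import re
from datetime import date

# Constructed sample, trimmed to the header fields of the MBAM 1.60 log quoted in this thread.
STALE_LOG = """Malwarebytes Anti-Malware 1.60.1.1000

Datenbank Version: v2012.03.16.03

Windows 7 x64 NTFS
Medico :: MEDICO-PC [Administrator]

21.03.2012 15:51:56
mbam-log-2012-03-21 (15-51-56).txt
"""

# Constructed sample mirroring the re-run with freshly updated signatures.
FRESH_LOG = """Malwarebytes Anti-Malware 1.60.1.1000
Datenbank Version: v2012.03.22.03
22.03.2012 18:25:34
"""

# The database version encodes the signature release date as vYYYY.MM.DD.NN;
# German logs label it "Datenbank Version", English ones "Database version" (assumed).
DB_RE = re.compile(r"^(?:Datenbank Version|Database version):\s*v(\d{4})\.(\d{2})\.(\d{2})\.\d+",
                   re.M | re.I)
# The scan timestamp is a bare DD.MM.YYYY HH:MM:SS line.
SCAN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}\s*$", re.M)


def parse_mbam_header(text):
    """Return (signature_date, scan_date) extracted from an MBAM 1.x log header."""
    db, scan = DB_RE.search(text), SCAN_RE.search(text)
    if not db or not scan:
        raise ValueError("database version or scan timestamp not found in log")
    signature_date = date(int(db.group(1)), int(db.group(2)), int(db.group(3)))
    scan_date = date(int(scan.group(3)), int(scan.group(2)), int(scan.group(1)))
    return signature_date, scan_date


def signature_age_days(text):
    """Days between the signature release and the scan; 0 means same-day signatures."""
    signature_date, scan_date = parse_mbam_header(text)
    return (scan_date - signature_date).days


def is_stale(text, max_age_days=1):
    """True when the scan ran on signatures older than max_age_days (the thread's complaint)."""
    return signature_age_days(text) > max_age_days


if __name__ == "__main__":
    for name, log in (("first scan", STALE_LOG), ("re-scan", FRESH_LOG)):
        print(f"{name}: signatures {signature_age_days(log)} day(s) old, stale={is_stale(log)}")
```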

medico 22.03.2012 20:48

Again:
Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Medico :: MEDICO-PC [Administrator]

22.03.2012 18:25:34
mbam-log-2012-03-22 (18-25-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 463700
Laufzeit: 1 Stunde(n), 36 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 23.03.2012 21:11

No detections! :daumenhoc
Is your system OK again now, or are there any other detections or problems?

medico 24.03.2012 00:12

No, I have no findings and the Broken.OpenCommand virus is apparently no longer in the system either. Thanks again for the help.

I have made use of the Trojaner-Board donation account.

cosinus 24.03.2012 18:21

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages about that.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been cleaned up.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

medico 28.03.2012 21:24

A quick question: Should I buy Malwarebytes, or is the normal version enough? Because on the internet it says that Malwarebytes relies more on behavioural analysis and less on signatures, and Chip says Malwarebytes isn't a good program and one should rather use Spyware Terminator? Why is Malwarebytes relied on more here, then?

Regards

Medico

cosinus 29.03.2012 12:50

The normal version is enough.
Why Chip says that I don't know; AFAIR they criticised that you always have to update MBAM manually in the free version. But well :balla: it's reasonable to expect a user to click the update button before a scan.
The background protection by MBAM is also not necessary; MBAM is not meant to replace the other virus scanner you already have installed anyway, nor should IMHO an additional guard be added alongside the one from the virus scanner.



Copyright ©2000-2025, Trojaner-Board

