
Trojaner-Board (https://www.trojaner-board.de/)
System Check virus + Gema trojan caught... (https://www.trojaner-board.de/112033-system-check-virus-gema-trojaner-eingefangen.html)

jowizzzal 21.03.2012 14:56

System Check virus + Gema trojan caught...
 
Hello everyone,

I caught the System Check virus 2 days ago, plus the Gema trojan the week before (after that my laptop was actually still running quite well :headbang: ). Well, since "System Check" at the latest, nothing works anymore... I ran the Malwarebytes software yesterday and it removed no fewer than 21 viruses... now the whole System Check window is gone, but unfortunately all my files are still "hidden".

I would be very grateful if someone could take this on and help me further!

Best regards,

Jo

After reading through a few threads with the same problems, I have now created two OTL log files with OTL (Old Timer Scanner).

They look as follows:

OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 21.03.2012 15:06:45 - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,20% Memory free
3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,64 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - c:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avformat-53.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\avcodec-53.dll ()
MOD - C:\Programme\Google\Chrome\Application\17.0.963.79\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Notepad++\NppShell_01.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKCU\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKCU\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.19 23:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:34:46 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD
[2012.03.19 23:16:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999)
[2012.03.18 18:23:54 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.18 13:36:30 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Local\Google
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.18 13:35:09 | 003,628,016 | -H-- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.17 21:12:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\gema
[2012.03.15 03:01:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.15 03:01:03 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 14:51:54 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 14:51:53 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 14:50:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 14:50:17 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 14:50:17 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 14:50:16 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.10 21:34:49 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 14:47:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:09:14 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.21 14:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.21 14:08:47 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 21:27:31 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.20 21:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 21:27:31 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.20 21:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:43:51 | 000,000,456 | -H-- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | M] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:27:07 | 041,363,404 | -H-- | M] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 22:06:28 | 152,825,420 | -H-- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:12:04 | 142,114,730 | -H-- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg
[2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg
[2012.03.18 13:35:15 | 003,628,016 | -H-- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.15 15:35:05 | 067,033,172 | -H-- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 03:30:38 | 000,000,444 | -H-- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242)  4tube.website
[2012.03.13 14:17:26 | 003,457,036 | -H-- | M] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.25 13:22:09 | 000,000,477 | -H-- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.23 22:09:44 | 000,000,463 | -H-- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:42:10 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | C] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:42:05 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:23:49 | 041,363,404 | -H-- | C] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 21:54:37 | 152,825,420 | -H-- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:01:09 | 142,114,730 | -H-- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 15:28:50 | 067,033,172 | -H-- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.13 14:17:20 | 003,457,036 | -H-- | C] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.24 00:54:54 | 000,000,477 | -H-- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.20 16:00:20 | 000,000,463 | -H-- | C] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.05 16:05:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.16 18:48:32 | 000,009,728 | -H-- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== Files - Unicode (All) ==========
[2012.03.10 14:12:57 | 000,000,618 | -H-- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
[2012.02.17 19:24:19 | 000,000,618 | -H-- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
 
< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 21.03.2012 15:06:45 - Run 2
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,20% Memory free
3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,64 Gb Free Space | 59,87% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54F5197C-9A19-4BCF-98A1-514C5A832D84}" = Dell Backup and Recovery Manager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D71174A-31A3-4523-8A52-8602B6099AC2}" = ITCH
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dell Webcam Central" = Dell Webcam Central
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Google Chrome" = Google Chrome
"GridinSoft Trojan Killer" = Trojan Killer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Notepad++" = Notepad++
"Opera 11.61.1250" = Opera 11.61
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV 0.9.18
"Visual Slideshow" = Visual Slideshow
"VLC media player" = VLC media player 1.0.5
"vShare" = vShare Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2011 07:30:17 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
Error - 15.05.2011 20:46:16 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =
 
Error - 16.05.2011 13:16:23 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
Error - 17.05.2011 05:41:42 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
Error - 17.05.2011 08:44:23 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
Error - 17.05.2011 11:10:48 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =
 
Error - 17.05.2011 12:02:31 | Computer Name = Laptop | Source = EventSystem | ID = 4621
Description =
 
Error - 17.05.2011 14:14:14 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
Error - 18.05.2011 11:34:10 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
Error - 18.05.2011 15:30:07 | Computer Name = Laptop | Source = EventSystem | ID = 4622
Description =
 
[ Media Center Events ]
Error - 24.04.2011 07:46:45 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:45 - Fehler beim Herstellen der Internetverbindung.  13:46:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 24.04.2011 07:46:56 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:50 - Fehler beim Herstellen der Internetverbindung.  13:46:50
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2011 06:42:59 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:42:59 - Fehler beim Herstellen der Internetverbindung.  12:42:59
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2011 06:43:11 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 12:43:04 - Fehler beim Herstellen der Internetverbindung.  12:43:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2011 07:46:16 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:16 - Fehler beim Herstellen der Internetverbindung.  13:46:16
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.05.2011 07:46:23 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:46:21 - Fehler beim Herstellen der Internetverbindung.  13:46:21
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 26.10.2011 07:02:03 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:02:03 - Fehler beim Herstellen der Internetverbindung.  13:02:03
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 26.10.2011 07:02:16 | Computer Name = Laptop | Source = MCUpdate | ID = 0
Description = 13:02:08 - Fehler beim Herstellen der Internetverbindung.  13:02:08
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 20.03.2012 10:51:21 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 20.03.2012 10:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 20.03.2012 10:52:56 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.03.2012 10:52:59 | Computer Name = Laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:  %%1062
 
Error - 20.03.2012 11:12:26 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.03.2012 13:27:57 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =
 
Error - 20.03.2012 13:29:23 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 21.03.2012 09:09:10 | Computer Name = Laptop | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
 
< End of report >

--- --- ---

cosinus 21.03.2012 17:58

Quote:

..I ran the Malwarebytes software yesterday and it removed no fewer than 21 viruses..
You're another one of those who doesn't post the Malwarebytes logs! :(
Without the logs from Malwarebytes and co. this isn't going anywhere. :glaskugel:
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

jowizzzal 21.03.2012 18:16

Hi Arne,

Thanks a lot for your reply :)

Here are my Malwarebytes logs as well:

Code:


Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jo :: LAPTOP [Administrator]

Schutz: Aktiviert

20.03.2012 16:44:32
mbam-log-2012-03-20 (16-44-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 304181
Laufzeit: 1 Stunde(n), 15 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QkMNyhGuJTxqPg.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\QkMNyhGuJTxqPg.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Jo\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema. (Trojan.Ransom.ICL) -> Daten: C:\ProgramData\gema\gema.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema (Trojan.Ransom.ICL) -> Daten: C:\Users\Jo\AppData\Roaming\gema\gema.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gema (Trojan.Ransom) -> Daten: C:\Windows\system32\gema.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\ProgramData\QkMNyhGuJTxqPg.exe (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Roaming\AcroIEHelpe089.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\bWNUBzRXeGIbSm.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Local\Temp\7Y1v0zdoTtZ9mU.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Local\Temp\E50C.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Local\Temp\unregmp2.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\ProgramData\gema\gema.exe (Trojan.Ransom.ICL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Jo\AppData\Roaming\gema\gema.exe (Trojan.Ransom.ICL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\gema.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

How can I proceed against this crap? :kloppen:

My laptop is running so far in Safe Mode with Networking..:aufsmaul:

cosinus 21.03.2012 18:24

Please also run ESET, then we'll see what's next:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


jowizzzal 21.03.2012 19:37

Unfortunately I couldn't run Internet Explorer as a regular administrator.

Code:

C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe        a variant of Win32/1AntiVirus application
C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003        a variant of Win32/1AntiVirus application
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\766dec4c-376321fc        Java/Exploit.CVE-2011-3544.T trojan
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\6db7628d-617483b2        Java/Agent.EA trojan
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\698f8e56-16b5e36a        Java/TrojanDownloader.OpenStream.NCO trojan
C:\Users\Jo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\e8bb03b-279364fa        multiple threats
C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll        Win32/Spy.Agent.NYS trojan
C:\Users\Jo\Downloads\gtk2119-setup.exe        a variant of Win32/1AntiVirus application

That's 8 detections in total

cosinus 22.03.2012 11:34

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


jowizzzal 22.03.2012 13:09

Code:

OTL logfile created on: 22.03.2012 12:54:31 - Run 4
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 81,98% Memory free
3,93 Gb Paging File | 3,60 Gb Available in Paging File | 91,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,55 Gb Free Space | 59,83% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-8570042-888220694-3765887851-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.19 23:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:34:46 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD
[2012.03.19 23:16:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999)
[2012.03.18 18:23:54 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.18 13:36:30 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Local\Google
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.18 13:35:09 | 003,628,016 | -H-- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.17 21:12:41 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\gema
[2012.03.10 21:34:49 | 000,000,000 | -H-D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 12:42:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 12:42:41 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.22 12:41:23 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.21 18:29:55 | 000,000,089 | ---- | M] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | M] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.21 14:47:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:16:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 21:27:31 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.20 21:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.20 21:27:31 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.20 21:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:43:51 | 000,000,456 | -H-- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | M] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:27:07 | 041,363,404 | -H-- | M] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 22:06:28 | 152,825,420 | -H-- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:12:04 | 142,114,730 | -H-- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg
[2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg
[2012.03.18 13:35:15 | 003,628,016 | -H-- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.15 15:35:05 | 067,033,172 | -H-- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 03:30:38 | 000,000,444 | -H-- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242)  4tube.website
[2012.03.13 14:17:26 | 003,457,036 | -H-- | M] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.25 13:22:09 | 000,000,477 | -H-- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.23 22:09:44 | 000,000,463 | -H-- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.21 18:29:11 | 000,000,089 | ---- | C] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | C] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:42:10 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:09 | 000,000,655 | -H-- | C] () -- C:\Users\Jo\Desktop\System Check.lnk
[2012.03.19 23:42:05 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:23:49 | 041,363,404 | -H-- | C] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip
[2012.03.19 21:54:37 | 152,825,420 | -H-- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | -H-- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:01:09 | 142,114,730 | -H-- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 15:28:50 | 067,033,172 | -H-- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.13 14:17:20 | 003,457,036 | -H-- | C] () -- C:\Users\Jo\Desktop\template9.zip
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.24 00:54:54 | 000,000,477 | -H-- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.05 16:05:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.16 18:48:32 | 000,009,728 | -H-- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== LOP Check ==========
 
[2012.01.22 17:57:45 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2011.06.03 10:15:03 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2012.03.18 13:47:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2011.10.12 14:00:09 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.09.09 20:12:04 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2012.03.18 20:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2010.11.15 10:50:26 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2012.03.18 20:12:25 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.01 12:08:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.22 17:57:45 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2010.06.13 09:56:45 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Adobe
[2012.02.07 15:45:38 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Apple Computer
[2011.06.03 10:15:03 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2010.08.15 19:04:37 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Creative
[2010.05.23 13:29:37 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\CyberLink
[2012.01.16 23:05:39 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\dvdcss
[2012.03.18 13:47:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2010.05.11 08:45:15 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Identities
[2010.06.26 13:55:59 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\InstallShield
[2011.10.12 14:00:09 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.05.19 08:21:41 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Macromedia
[2012.03.20 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Media Center Programs
[2010.10.28 20:58:52 | 000,000,000 | --SD | M] -- C:\Users\Jo\AppData\Roaming\Microsoft
[2010.09.09 20:12:04 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2010.08.15 19:55:01 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Reallusion
[2012.03.18 13:47:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Skype
[2012.01.13 16:08:35 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\skypePM
[2010.06.26 14:08:17 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Sony Corporation
[2012.03.18 20:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.02.10 16:42:38 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\vlc
[2010.11.15 10:50:26 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2010.05.23 12:07:04 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\WinRAR
[2012.03.18 20:12:25 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2010.06.26 13:57:07 | 000,010,134 | RH-- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,010,134 | RH-- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,065,536 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.19 23:00:00 | 000,037,520 | -H-- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xammp\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.03.10 14:12:57 | 000,000,618 | -H-- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
[2012.02.17 19:24:19 | 000,000,618 | -H-- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website

< End of report >


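The helpers on this board read OTL file and folder lines like the ones above by hand: the bracket holds the timestamp, the size, the attribute column (R/H/S/D for read-only, hidden, system, directory) and a C or M for the "created" and "modified" listings, followed by the company name from the version resource and the path. The following Python script is an added example, not OTL code and not something posted in the thread: it parses that format and applies a small first-pass triage over lines copied from the log above. The rules it uses (7-day window, list of user-writable locations, payload-type suffixes, a vowel-ratio test for generated names) are this example's own assumptions about what a helper looks at first, not rules used by OTL or by the board.

```python
"""Triage pass over OTL file/folder lines, as printed in the log above:

  [YYYY.MM.DD HH:MM:SS | size | attrs | M|C] (company) [MD5=hash] -- path

Added example, not OTL code and not posted in the thread. The rules below
(7-day window, user-writable locations, payload suffixes, vowel ratio for
"random" names) are assumptions made for this example, not OTL's rules.
"""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-F]{32}))?"
    r" -- (?P<path>.+)$"
)

# Assumption: locations a standard user can write to, and where the rogue
# ("System Check") and its dropper put files on this machine.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\desktop\\")
# Assumption: suffixes worth a look when hidden in such a location; "" covers
# extensionless droppers such as the ProgramData file in the log.
PAYLOAD_SUFFIXES = {"", ".exe", ".dll", ".sys", ".scr", ".com", ".lnk", ".tmp"}

R_HIDDEN = "hidden, recent, payload-type suffix, user-writable location"
R_RANDOM = "random-looking name"
R_ROAMING = "Roaming directory modified inside window"


def parse_line(line):
    """One OTL entry as a dict, or None if the line is not an entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    attrs = set(m["attrs"]) - {"-"}
    return {
        "when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "kind": m["kind"],  # C = created listing, M = modified listing
        "hidden": "H" in attrs,
        "system": "S" in attrs,
        "is_dir": "D" in attrs,
        "company": (m["company"] or "").strip(),
        "md5": m["md5"],
        "path": m["path"],
    }


def looks_random(path, min_len=8, max_vowel_ratio=0.25):
    """Long alphanumeric stem with almost no vowels (assumed proxy for a
    generated name such as bWNUBzRXeGIbSm)."""
    stem = PureWindowsPath(path).stem
    if len(stem) < min_len or not stem.isalnum():
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return vowels / len(stem) < max_vowel_ratio


def triage(lines, as_of, days=7):
    """Return [(path, [reasons])] for entries a helper should look at first."""
    cutoff = as_of - timedelta(days=days)
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        low = e["path"].lower()
        recent = e["when"] >= cutoff
        reasons = []
        if e["is_dir"]:
            if recent and "\\appdata\\roaming\\" in low:
                reasons.append(R_ROAMING)
        elif any(marker in low for marker in USER_WRITABLE):
            suffix = PureWindowsPath(e["path"]).suffix.lower()
            if e["hidden"] and recent and suffix in PAYLOAD_SUFFIXES:
                reasons.append(R_HIDDEN)
            if looks_random(e["path"]):
                reasons.append(R_RANDOM)
        if reasons:
            hits.append((e["path"], reasons))
    return hits


# Sample input: lines copied from the OTL log above (log created 21.03.2012 15:06).
AS_OF = datetime(2012, 3, 21, 15, 6)
SAMPLE_LINES = [
    r"[2012.03.19 23:42:09 | 000,000,655 | -H-- | C] () -- C:\Users\Jo\Desktop\System Check.lnk",
    r"[2012.03.19 23:42:05 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm",
    r"[2012.03.19 23:23:49 | 041,363,404 | -H-- | C] () -- C:\Users\Jo\Desktop\Saukrates-The_Underground_Tapes_Volume_2-Limited_Edition-EP-1999-FTD.zip",
    r"[2012.03.19 16:06:48 | 000,005,624 | -H-- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll",
    r"[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job",
    r"[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys",
    r"[2012.03.20 18:26:43 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\gema",
    r"[2012.03.17 21:12:40 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\kock",
    r"[2010.05.26 11:50:34 | 000,000,000 | -H-D | M] -- C:\Users\Jo\AppData\Roaming\Opera",
    r"[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, AS_OF):
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run against the sample, it surfaces the rogue's Desktop shortcut, the extensionless file in ProgramData, the DLL dropped into Roaming, and the two recently touched Roaming directories, while the hidden MP3/ZIP files on the Desktop (collateral of the rogue hiding everything) and the Windows-signed driver stay out of the list. It is a reading aid, not a verdict: every hit still needs a look at the file itself.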
cosinus 22.03.2012 15:06

Does normal mode still not work?

jowizzzal 22.03.2012 15:43

Unfortunately no change! The computer runs, but unfortunately all my files are hidden.

cosinus 22.03.2012 16:02

We're not that far yet! The question was whether normal mode starts again without GEMA!

jowizzzal 22.03.2012 16:37

To answer your question: the GEMA window is gone! However, in my particular case I was able to bypass the window. And since I've had the "System Check virus" the GEMA window has been gone anyway, hence my answer: no particular changes since the Malwarebytes scan.

cosinus 23.03.2012 20:31

Please make a new OTL log. Please post everything here in CODE tags wherever possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If not already there, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


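The /md5start ... /md5stop block in the scan above makes OTL hash each named file everywhere it exists: the live copy under System32 or System32\drivers, the DriverStore copy, and every winsxs copy. That is what produced the "MD5 for:" blocks in the first log. The point of the check is that a live copy whose hash matches none of the stored copies of the same name is a candidate for a patched system file (the usual hiding place of the rootkit families that the other names in that list, atapi.sys, iaStorV.sys, nvstor.sys, services-related DLLs, are there to catch). The Python script below is an added example that performs the same comparison on a Windows directory, either a live system (run elevated) or a mounted offline image; it is not OTL code and was not posted in the thread. The demo tree it builds is constructed: the directory names are copied from the log above, the file contents are placeholder bytes.

```python
"""Compare a live Windows system file with the copies Windows keeps in the
component store (winsxs) and the driver store, as the /md5start ... /md5stop
block of the OTL custom scan does.

Added example, not OTL code and not posted in the thread. Assumptions:
`windows_root` is a Windows directory (live system or mounted offline
image); a copy outside winsxs/DriverStore is the "live" one; a live copy
whose MD5 equals none of the store copies of the same name is reported as
a possible patched file. The demo tree is constructed: directory names are
taken from the log above, file contents are placeholder bytes.
"""
import hashlib
import tempfile
from pathlib import Path

SEARCH_DIRS = ("System32", "winsxs")  # System32 covers drivers\ and DriverStore\
STORE_PARTS = {"winsxs", "driverstore"}

VERDICT_OK = "matches a store copy"
VERDICT_PATCHED = "matches NO store copy (possible patched file)"
VERDICT_NOREF = "no store copy to compare against"


def md5_of(path, chunk=1 << 16):
    """Upper-case hex MD5, the form OTL prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def is_store_copy(path):
    """True for paths inside winsxs or the DriverStore (either separator)."""
    parts = str(path).replace("\\", "/").lower().split("/")
    return any(part in STORE_PARTS for part in parts)


def find_copies(windows_root, filename):
    """{Path: md5} for every file of this name under System32 and winsxs,
    case-insensitive: the rows of an OTL "MD5 for:" block."""
    want = filename.lower()
    copies = {}
    for sub in SEARCH_DIRS:
        base = Path(windows_root, sub)
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            if p.is_file() and p.name.lower() == want:
                copies[p] = md5_of(p)
    return copies


def check_file(windows_root, filename):
    """Verdict per live copy: {str(path): VERDICT_*}. Empty if the file
    is not present at all."""
    copies = find_copies(windows_root, filename)
    store_hashes = {h for p, h in copies.items() if is_store_copy(p)}
    verdicts = {}
    for p, h in copies.items():
        if is_store_copy(p):
            continue
        if not store_hashes:
            verdicts[str(p)] = VERDICT_NOREF
        elif h in store_hashes:
            verdicts[str(p)] = VERDICT_OK
        else:
            verdicts[str(p)] = VERDICT_PATCHED
    return verdicts


def build_demo_tree(root):
    """Constructed tree: atapi.sys intact (live copy equals a store copy),
    AGP440.sys tampered with in place (live copy equals no store copy)."""
    files = {
        "System32/drivers/atapi.sys": b"atapi 6.1.7601.17514",
        "System32/DriverStore/FileRepository/mshdc.inf_x86_neutral_fab873f3e8a3315c/atapi.sys": b"atapi 6.1.7601.17514",
        "winsxs/x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d/atapi.sys": b"atapi 6.1.7600.16385",
        "winsxs/x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7/atapi.sys": b"atapi 6.1.7601.17514",
        "System32/drivers/AGP440.sys": b"AGP440 6.1.7600.16385" + b"\x90" * 16,  # placeholder "patch"
        "winsxs/x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb/AGP440.sys": b"AGP440 6.1.7600.16385",
    }
    for rel, data in files.items():
        p = Path(root, "Windows", rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return Path(root, "Windows")


def run_demo():
    """Build the constructed tree in a temp dir and check three names."""
    with tempfile.TemporaryDirectory() as tmp:
        win = build_demo_tree(tmp)
        return {name: check_file(win, name)
                for name in ("atapi.sys", "AGP440.sys", "nvstor.sys")}


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts or "(not present)")
```

Two caveats a practitioner would add. A mismatch is a lead, not a verdict: confirm it against the file's Authenticode signature or a known-good copy from installation media, because the store hash set only says "this is not a file Windows itself installed". And on a live system a kernel-mode rootkit can hand clean bytes to whatever reads the file, so the reliable input is a mounted offline image, which is also why OTL lists files it cannot open (the /lockedfiles directives above) separately.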
jowizzzal 23.03.2012 22:03

Hallo cosinus

In the meantime I've researched a bit further here in the forum and came across "unhide". Now my laptop is fully restored again (at least it seems so)...

I can do a third OTL log as you described above.

Please let me know what I should do next.

cosinus 24.03.2012 18:08

One can hardly speak of "fully restored" just because the files are displayed again!
Please finally do the new OTL log; it's nice that you also look into other threads here, but I get the impression that always distracts too much.

jowizzzal 24.03.2012 18:31

Hi,

here is my current OTL log...


OTL Logfile:
Code:

OTL logfile created on: 24.03.2012 18:12:08 - Run 5
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Users\Jo\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 68,37% Memory free
3,93 Gb Paging File | 2,82 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 130,03 Gb Free Space | 59,59% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - c:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ()
MOD - C:\Programme\Dell Webcam\Dell Webcam Central\FTrack.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BecHelperService) -- C:\Programme\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (MySQL) -- C:\xammp\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xammp\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (tmproxy) -- c:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- c:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw) -- c:\Programme\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- c:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TOSHIBA Bluetooth Service) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TrojanKillerDriver) -- C:\Windows\System32\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mdvrmng) -- C:\Windows\System32\drivers\mdvrmng.sys ()
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Mail = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UfSeAgnt.exe] c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.18.0.5 212.18.3.5 192.168.77.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CA6CC16-C409-41D1-989C-CB04DD2106EB}: DhcpNameServer = 212.18.0.5 212.18.3.5 192.168.77.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-8570042-888220694-3765887851-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 16:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2012.03.20 16:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.20 16:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 16:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012.03.20 16:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.19 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.19 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\Saukrates - The Underground Tapes (1999)
[2012.03.18 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.18 13:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.18 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Google
[2012.03.18 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.03.18 13:35:09 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.17 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.10 21:34:49 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012.03.10 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\v-Grabber
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.24 18:11:59 | 000,000,618 | ---- | M] () -- C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website
[2012.03.24 17:59:57 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.24 17:59:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.24 13:29:36 | 000,014,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 13:29:36 | 000,014,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.24 13:22:29 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.24 13:22:00 | 1582,583,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 20:36:25 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.23 20:36:25 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.23 20:36:25 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.23 20:36:25 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.21 18:29:55 | 000,000,089 | ---- | M] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | M] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.20 16:43:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:43:51 | 000,000,456 | ---- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 22:06:28 | 152,825,420 | ---- | M] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:12:04 | 142,114,730 | ---- | M] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 14:40:49 | 000,016,081 | -HS- | M] () -- C:\Users\Jo\Desktop\Folder.jpg
[2012.03.18 14:40:49 | 000,004,877 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArtSmall.jpg
[2012.03.18 13:37:59 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.18 13:37:57 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.18 13:35:15 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Jo\Desktop\ccsetup316.exe
[2012.03.15 15:35:05 | 067,033,172 | ---- | M] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.15 03:21:29 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.14 03:30:38 | 000,000,444 | ---- | M] () -- C:\Users\Jo\Desktop\Breanne Benson Videos (242)  4tube.website
[2012.03.08 10:34:11 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | M] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.25 13:22:09 | 000,000,477 | ---- | M] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2012.02.23 22:09:44 | 000,000,463 | ---- | M] () -- C:\Users\Jo\Desktop\Supersonic, Recorded on 12-11-11 Mitch_YBS on USTREAM. Radio.website
[1 C:\Users\Jo\AppData\Roaming\*.tmp files -> C:\Users\Jo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 03:21:31 | 000,000,618 | ---- | C] () -- C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website
[2012.03.23 16:59:53 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.23 16:59:53 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\PMB.lnk
[2012.03.23 16:59:53 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.23 16:59:53 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Visual Slideshow.lnk
[2012.03.23 16:59:52 | 000,002,482 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.03.23 16:59:52 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.23 16:59:52 | 000,001,438 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.03.23 16:59:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.23 16:59:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.23 16:59:52 | 000,001,322 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.03.23 16:59:52 | 000,001,253 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.03.23 16:59:52 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.23 16:59:52 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.23 16:59:52 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.23 16:59:51 | 000,002,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012.03.23 16:59:51 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hilfedokumentation von Dell.lnk
[2012.03.23 16:59:51 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.03.23 16:59:51 | 000,001,785 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.03.23 16:59:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.23 16:59:51 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.23 16:59:51 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012.03.23 16:59:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.23 16:59:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.03.21 18:29:11 | 000,000,089 | ---- | C] () -- C:\Users\Jo\Desktop\esetsmartinstaller_enu.exe.url
[2012.03.21 18:28:36 | 000,000,067 | ---- | C] () -- C:\Users\Jo\Desktop\ESET Online Scanner.url
[2012.03.20 16:43:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.20 16:19:23 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012.03.19 23:42:10 | 000,000,264 | ---- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | ---- | C] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
[2012.03.19 23:42:05 | 000,000,456 | ---- | C] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 21:54:37 | 152,825,420 | ---- | C] () -- C:\Users\Jo\Desktop\TONY MATTERHORN B-DAY PARTY (PART 2) (MARCH 17th 2012) (MIAMI) CODE RED, INNOCENT, TONY MATTERHORN.mp3
[2012.03.19 16:06:48 | 000,005,624 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
[2012.03.18 16:01:09 | 142,114,730 | ---- | C] () -- C:\Users\Jo\Desktop\PLAYMAKER MEETS LUV INJECTION.zip
[2012.03.18 13:36:35 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 13:36:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 15:28:50 | 067,033,172 | ---- | C] () -- C:\Users\Jo\Desktop\Runnsound Remembers Gregory Isaacs - Cool Ruler Audiomentary-17 Tracks Dubplate Tribute.mp3
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Small.jpg
[2012.03.05 17:40:52 | 000,000,028 | -HS- | C] () -- C:\Users\Jo\Desktop\AlbumArt_{F2586D5B-53ED-46D6-9CFF-70BFE5EB3DA7}_Large.jpg
[2012.02.24 00:54:54 | 000,000,477 | ---- | C] () -- C:\Users\Jo\Desktop\Download Solid Selection.rar from Sendspace.com - send big files the easy way.website
[2011.06.03 10:04:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2010.11.18 15:42:34 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.05 16:05:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.16 18:48:32 | 000,009,728 | ---- | C] () -- C:\Users\Jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 14:10:54 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.03.27 13:57:33 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.03.27 13:57:32 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.03.27 13:54:02 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
 
========== LOP Check ==========
 
[2012.01.22 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2011.06.03 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2012.03.18 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2011.10.12 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.09.09 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2012.03.18 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2010.11.15 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2012.03.18 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.01 12:08:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.22 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\1&1 Mail & Media GmbH
[2010.06.13 09:56:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Adobe
[2012.02.07 15:45:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Apple Computer
[2011.06.03 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Birdstep Technology
[2010.08.15 19:04:37 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Creative
[2010.05.23 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\CyberLink
[2012.01.16 23:05:39 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\dvdcss
[2012.03.18 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FileZilla
[2010.11.18 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\FreeAudioPack
[2012.03.20 18:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\gema
[2010.05.11 08:45:15 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Identities
[2010.06.26 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\InstallShield
[2011.10.12 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\IrfanView
[2012.03.17 21:12:40 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\kock
[2010.05.19 08:21:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Macromedia
[2012.03.20 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Media Center Programs
[2010.10.28 20:58:52 | 000,000,000 | --SD | M] -- C:\Users\Jo\AppData\Roaming\Microsoft
[2010.09.09 20:12:04 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Notepad++
[2010.05.26 11:50:34 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Opera
[2010.08.15 19:55:01 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Reallusion
[2012.03.18 13:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Skype
[2012.01.13 16:08:35 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\skypePM
[2010.06.26 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Sony Corporation
[2012.03.18 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.02.10 16:42:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\vlc
[2010.11.15 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2010.05.23 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WinRAR
[2012.03.18 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2010.06.26 13:57:07 | 000,010,134 | R--- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,010,134 | R--- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ARPPRODUCTICON.exe
[2012.02.08 17:51:47 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.19 23:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xammp\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.03.10 14:12:57 | 000,000,618 | ---- | M] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website
[2012.02.17 19:24:19 | 000,000,618 | ---- | C] ()(C:\Users\Jo\Desktop\? Slow Jams Pt.2.mp3 (full) by K'Ress.website) -- C:\Users\Jo\Desktop\▶ Slow Jams Pt.2.mp3 (full) by K'Ress.website

< End of report >

--- --- ---
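The "< MD5 for: ... >" sections of the OTL log above list every copy of a few critical system files (the live copy under System32 plus the shipped copies in winsxs and DriverStore) with an MD5 each, so a live copy whose hash matches none of the shipped copies, or that carries no publisher, is the first place to look when a patched system binary is suspected. The following Python helper is an added example, not code from this thread or from OTL; it parses such sections and flags those cases. Its sample log mixes lines copied from the OTL output above with one constructed section (EXAMPLE.SYS, dummy hashes) that shows the failure case.

```python
"""Consistency check over the "< MD5 for: ... >" sections of an OTL log.

Added example: not code from the forum thread or from OTL itself. The
sample log below mixes real lines from the thread with one constructed
section (EXAMPLE.SYS) that exercises the failure case.
"""
import re
from collections import defaultdict

# One OTL file line: [date | size | attrs | M] (Company) MD5=HASH -- path
LINE_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")


def classify_path(path):
    """'backup' for winsxs/DriverStore copies, 'live' for the System32 copy, else 'other'."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "backup"
    if "\\windows\\system32\\" in p:
        return "live"
    return "other"  # e.g. a copy under Program Files: listed by OTL, not compared here


def parse_md5_sections(text):
    """Return {FILE.EXT: [record, ...]} with one record per listed copy."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name").upper()
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            rec = m.groupdict()
            rec["md5"] = rec["md5"].upper()
            rec["company"] = rec["company"].strip()
            rec["kind"] = classify_path(rec["path"])
            sections[current].append(rec)
    return dict(sections)


def find_suspect_copies(sections):
    """Flag live copies whose MD5 matches no shipped copy or that lack a publisher."""
    findings = []
    for name, recs in sections.items():
        shipped = {r["md5"] for r in recs if r["kind"] == "backup"}
        for r in recs:
            if r["kind"] != "live":
                continue
            reasons = []
            if shipped and r["md5"] not in shipped:
                reasons.append("hash matches no winsxs/DriverStore copy")
            if not r["company"]:
                reasons.append("no publisher recorded")
            if reasons:
                findings.append((name, r["path"], r["md5"], "; ".join(reasons)))
    return findings


# Two sections copied from the OTL log in this thread, plus one constructed
# section (EXAMPLE.SYS, dummy hashes) that shows what a mismatch looks like.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: EXAMPLE.SYS  >
[2012.03.15 03:36:57 | 000,021,584 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\drivers\example.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example.inf_0000000000000000_6.1.7600.16385_none_0000000000000000\example.sys
"""

if __name__ == "__main__":
    for name, path, md5, why in find_suspect_copies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {path} ({md5}) -> {why}")
```

Copies outside System32, winsxs and DriverStore (such as the Malwarebytes Chameleon winlogon.exe in the log above) are classified as "other" and deliberately left out of the comparison, since a third-party copy with a different hash is expected and would otherwise produce a false positive.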

cosinus 24.03.2012 19:00

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\..\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes,DefaultScope = {4031213B-2279-418F-81C5-A2F5CE04EF46}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}: "URL" = http://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}: "URL" = http://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}: "URL" = http://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}: "URL" = http://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}: "URL" = http://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-8570042-888220694-3765887851-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell - "" = AutoRun
O33 - MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.03.19 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.18 18:23:54 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\UAs
[2012.03.17 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\xmldm
[2012.03.17 21:12:40 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\kock
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\gema
[2012.03.15 03:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\gema
[2012.03.24 18:11:59 | 000,000,618 | ---- | M] () -- C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website
[2012.03.19 23:43:51 | 000,000,456 | ---- | M] () -- C:\ProgramData\bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,264 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSm
[2012.03.19 23:42:10 | 000,000,176 | ---- | M] () -- C:\ProgramData\~bWNUBzRXeGIbSmr
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
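The result log that OTL opens after such a fix has one line per action (registry key deleted, file or folder moved to the _OTL backup, item not found, or move deferred until reboot). The deferred lines are the ones that need follow-up, because until the reboot the file is still in place. The following Python summarizer is an added example, not code from this thread or from OTL; it classifies each line and lists the targets still pending a reboot. Its sample input is constructed from lines of the kind OTL writes, with paths copied from this thread.

```python
"""Summarize an OTL fix log: what was removed, what was not found, and what
is still pending a reboot.

Added example, not code from this thread or from OTL. SAMPLE_FIX_LOG is a
constructed excerpt in the format OTL writes, with paths taken from this thread.
"""
import re
from collections import Counter

# Ordered: the first matching pattern wins, so the specific ones come first.
PATTERNS = [
    ("deferred_to_reboot",
     re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("registry_deleted",
     re.compile(r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("registry_not_found",
     re.compile(r"^Registry (?:key|value) (?P<target>.+?) not found\.$")),
    ("value_set",
     re.compile(r"^(?P<target>.+?) /E : value set successfully!$")),
    ("file_not_found",
     re.compile(r"^File (?P<target>.+?) not found\.$")),
    ("moved",
     re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]


def classify_line(line):
    """Return (category, target) for one log line; ('other', line) if no pattern fits."""
    for category, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            return category, m.group("target")
    return "other", line


def summarize_fix_log(text):
    """Count actions per category and collect the distinct targets still pending a reboot."""
    counts = Counter()
    deferred = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category, target = classify_line(line)
        counts[category] += 1
        if category == "deferred_to_reboot" and target not in deferred:
            deferred.append(target)
    return {"counts": dict(counts), "pending_reboot": deferred}


# Constructed excerpt in OTL's fix-log format; paths are copied from this thread.
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4031213B-2279-418F-81C5-A2F5CE04EF46}\ not found.
HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Programme\vShare\vshare_toolbar.dll moved successfully.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\Jo\AppData\Roaming\gema folder moved successfully.
C:\ProgramData\bWNUBzRXeGIbSm moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    summary = summarize_fix_log(SAMPLE_FIX_LOG)
    for category, n in sorted(summary["counts"].items()):
        print(f"{category:20s} {n}")
    print("pending reboot:", summary["pending_reboot"])
```

The same file can appear twice in the deferred list (once in the OTL section, once under "Files\Folders moved on Reboot..."), which is why `pending_reboot` is de-duplicated; the counts keep both occurrences so the totals still match the log line by line.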

jowizzzal 24.03.2012 19:11

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4031213B-2279-418F-81C5-A2F5CE04EF46}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4031213B-2279-418F-81C5-A2F5CE04EF46}\ not found.
HKU\S-1-5-21-8570042-888220694-3765887851-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2781380E-042A-48DC-ADCD-24554EC175A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781380E-042A-48DC-ADCD-24554EC175A9}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C74D455-EA77-4868-AFC2-FA8D4DE18714}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{79817182-B2D0-41A4-AF82-743AE2044FD5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79817182-B2D0-41A4-AF82-743AE2044FD5}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A335781F-692C-42E6-ADB2-1292F66B8D62}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A335781F-692C-42E6-ADB2-1292F66B8D62}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF27C2CB-2BE3-4295-BEA2-D6BB073DD605}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E5E01A93-5788-418C-ABD4-A269D2DC0631}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5E01A93-5788-418C-ABD4-A269D2DC0631}\ not found.
Registry key HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F6F847D7-BB45-4F75-A366-F6183FA44994}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6F847D7-BB45-4F75-A366-F6183FA44994}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
C:\Programme\vShare\vshare_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1bb0327-8dbf-11e0-9a75-b8ac6f5d75af}\ not found.
File E:\AutoRun.exe not found.
C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Users\Jo\AppData\Roaming\UAs folder moved successfully.
C:\Users\Jo\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Jo\AppData\Roaming\kock folder moved successfully.
C:\Users\Jo\AppData\Roaming\gema folder moved successfully.
C:\ProgramData\gema folder moved successfully.
C:\Users\Jo\Desktop\Die Ordnungszahl 681 wurde in der DLL iertutil.dll nicht gefunden. Windows XP Forum.website moved successfully.
C:\ProgramData\bWNUBzRXeGIbSm moved successfully.
C:\ProgramData\~bWNUBzRXeGIbSm moved successfully.
C:\ProgramData\~bWNUBzRXeGIbSmr moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jo
->Temp folder emptied: 4131071 bytes
->Temporary Internet Files folder emptied: 299512220 bytes
->Java cache emptied: 23181235 bytes
->Google Chrome cache emptied: 194260686 bytes
->Opera cache emptied: 22251184 bytes
->Flash cache emptied: 18872 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7962835 bytes
RecycleBin emptied: 1286431 bytes
 
Total Files Cleaned = 527,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03242012_190605

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 24.03.2012 19:22

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer stores its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

jowizzzal 24.03.2012 19:38

Code:

19:26:31.0911 3704        TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
19:26:33.0939 3704        ============================================================
19:26:33.0939 3704        Current date / time: 2012/03/24 19:26:33.0939
19:26:33.0939 3704        SystemInfo:
19:26:33.0939 3704       
19:26:33.0939 3704        OS Version: 6.1.7601 ServicePack: 1.0
19:26:33.0939 3704        Product type: Workstation
19:26:33.0939 3704        ComputerName: LAPTOP
19:26:33.0939 3704        UserName: Jo
19:26:33.0939 3704        Windows directory: C:\Windows
19:26:33.0939 3704        System windows directory: C:\Windows
19:26:33.0939 3704        Processor architecture: Intel x86
19:26:33.0939 3704        Number of processors: 2
19:26:33.0939 3704        Page size: 0x1000
19:26:33.0939 3704        Boot type: Normal boot
19:26:33.0939 3704        ============================================================
19:26:35.0202 3704        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:26:35.0202 3704        \Device\Harddisk0\DR0:
19:26:35.0202 3704        MBR used
19:26:35.0202 3704        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
19:26:35.0202 3704        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
19:26:35.0234 3704        Initialize success
19:26:35.0249 3704        ============================================================
19:27:58.0202 5340        ============================================================
19:27:58.0202 5340        Scan started
19:27:58.0202 5340        Mode: Manual; SigCheck; TDLFS;
19:27:58.0202 5340        ============================================================
19:28:16.0376 5340        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:28:16.0391 5340        IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:28:16.0391 5340        IDriverT - detected UnsignedFile.Multi.Generic (1)
19:28:20.0838 5340        mdvrmng        (4e10e84320a8ec1c12bd0d00973b22ab) C:\Windows\system32\drivers\mdvrmng.sys
19:28:20.0854 5340        mdvrmng ( UnsignedFile.Multi.Generic ) - warning
19:28:20.0854 5340        mdvrmng - detected UnsignedFile.Multi.Generic (1)
19:28:26.0782 5340        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:28:26.0813 5340        p2psvc - ok
19:28:26.0876 5340        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:28:26.0907 5340        Parport - ok
19:28:26.0938 5340        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:28:26.0954 5340        partmgr - ok
19:28:26.0985 5340        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:28:27.0016 5340        Parvdm - ok
19:28:27.0063 5340        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:28:27.0094 5340        PcaSvc - ok
19:28:27.0141 5340        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:28:27.0156 5340        pci - ok
19:28:27.0188 5340        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:28:27.0188 5340        pciide - ok
19:28:27.0234 5340        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:28:27.0250 5340        pcmcia - ok
19:28:27.0281 5340        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:28:27.0281 5340        pcw - ok
19:28:27.0328 5340        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:28:27.0406 5340        PEAUTH - ok
19:28:27.0546 5340        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:28:27.0656 5340        pla - ok
19:28:27.0780 5340        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:28:27.0827 5340        PlugPlay - ok
19:28:27.0874 5340        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:28:27.0905 5340        PNRPAutoReg - ok
19:28:27.0936 5340        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:28:27.0952 5340        PNRPsvc - ok
19:28:27.0999 5340        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:28:28.0046 5340        PolicyAgent - ok
19:28:28.0092 5340        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:28:28.0139 5340        Power - ok
19:28:28.0202 5340        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:28:28.0248 5340        PptpMiniport - ok
19:28:28.0358 5340        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:28:28.0404 5340        Processor - ok
19:28:28.0451 5340        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
19:28:28.0498 5340        ProfSvc - ok
19:28:28.0514 5340        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:28.0529 5340        ProtectedStorage - ok
19:28:28.0607 5340        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:28:28.0654 5340        Psched - ok
19:28:28.0763 5340        PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
19:28:28.0779 5340        PxHelp20 - ok
19:28:28.0841 5340        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:28:28.0888 5340        ql2300 - ok
19:28:28.0904 5340        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:28:28.0904 5340        ql40xx - ok
19:28:28.0935 5340        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:28:28.0997 5340        QWAVE - ok
19:28:29.0060 5340        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:28:29.0075 5340        QWAVEdrv - ok
19:28:29.0106 5340        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:28:29.0153 5340        RasAcd - ok
19:28:29.0216 5340        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:28:29.0262 5340        RasAgileVpn - ok
19:28:29.0356 5340        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:28:29.0403 5340        RasAuto - ok
19:28:29.0450 5340        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:28:29.0512 5340        Rasl2tp - ok
19:28:29.0606 5340        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:28:29.0652 5340        RasMan - ok
19:28:29.0715 5340        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:28:29.0746 5340        RasPppoe - ok
19:28:29.0762 5340        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:28:29.0824 5340        RasSstp - ok
19:28:29.0871 5340        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:28:29.0933 5340        rdbss - ok
19:28:29.0964 5340        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:28:29.0996 5340        rdpbus - ok
19:28:30.0042 5340        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:30.0105 5340        RDPCDD - ok
19:28:30.0214 5340        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:28:30.0276 5340        RDPENCDD - ok
19:28:30.0308 5340        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:28:30.0354 5340        RDPREFMP - ok
19:28:30.0401 5340        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
19:28:30.0432 5340        RDPWD - ok
19:28:30.0495 5340        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:28:30.0510 5340        rdyboost - ok
19:28:30.0542 5340        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:28:30.0604 5340        RemoteAccess - ok
19:28:30.0635 5340        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:28:30.0682 5340        RemoteRegistry - ok
19:28:30.0744 5340        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:28:30.0776 5340        RFCOMM - ok
19:28:30.0885 5340        rimmptsk        (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:28:30.0916 5340        rimmptsk - ok
19:28:30.0947 5340        rimspci        (af213955c4d952c914620e8db0cd0cf7) C:\Windows\system32\DRIVERS\rimspe86.sys
19:28:30.0978 5340        rimspci - ok
19:28:31.0010 5340        rimsptsk        (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:28:31.0041 5340        rimsptsk - ok
19:28:31.0072 5340        risdpcie        (6978decc2c38c5ce10a8b0f2b12f4451) C:\Windows\system32\DRIVERS\risdpe86.sys
19:28:31.0103 5340        risdpcie - ok
19:28:31.0134 5340        rismxdp        (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:28:31.0166 5340        rismxdp - ok
19:28:31.0197 5340        rixdpcie        (764c1f3453e779724ba647327de7ddd4) C:\Windows\system32\DRIVERS\rixdpe86.sys
19:28:31.0228 5340        rixdpcie - ok
19:28:31.0275 5340        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:28:31.0306 5340        RpcEptMapper - ok
19:28:31.0337 5340        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:28:31.0368 5340        RpcLocator - ok
19:28:31.0415 5340        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:28:31.0462 5340        RpcSs - ok
19:28:31.0587 5340        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:28:31.0634 5340        rspndr - ok
19:28:31.0758 5340        RTL8167        (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:28:31.0790 5340        RTL8167 - ok
19:28:31.0821 5340        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:31.0836 5340        SamSs - ok
19:28:31.0899 5340        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:28:31.0914 5340        sbp2port - ok
19:28:31.0961 5340        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:28:31.0992 5340        SCardSvr - ok
19:28:32.0039 5340        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:28:32.0117 5340        scfilter - ok
19:28:32.0164 5340        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:28:32.0242 5340        Schedule - ok
19:28:32.0273 5340        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:28:32.0304 5340        SCPolicySvc - ok
19:28:32.0336 5340        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:28:32.0382 5340        SDRSVC - ok
19:28:32.0429 5340        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:28:32.0492 5340        secdrv - ok
19:28:32.0585 5340        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:28:32.0648 5340        seclogon - ok
19:28:32.0679 5340        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:28:32.0726 5340        SENS - ok
19:28:32.0757 5340        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:28:32.0772 5340        SensrSvc - ok
19:28:32.0819 5340        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:28:32.0866 5340        Serenum - ok
19:28:32.0913 5340        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:28:32.0929 5340        Serial - ok
19:28:32.0975 5340        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:28:32.0991 5340        sermouse - ok
19:28:33.0038 5340        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:28:33.0085 5340        SessionEnv - ok
19:28:33.0209 5340        SfCtlCom        (fc469fd4d639f5364ad2689ae3e064be) c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
19:28:33.0225 5340        SfCtlCom - ok
19:28:33.0350 5340        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:28:33.0397 5340        sffdisk - ok
19:28:33.0412 5340        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:28:33.0459 5340        sffp_mmc - ok
19:28:33.0490 5340        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:28:33.0521 5340        sffp_sd - ok
19:28:33.0553 5340        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:28:33.0599 5340        sfloppy - ok
19:28:33.0646 5340        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:28:33.0724 5340        SharedAccess - ok
19:28:33.0771 5340        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:28:33.0818 5340        ShellHWDetection - ok
19:28:33.0880 5340        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:28:33.0896 5340        sisagp - ok
19:28:33.0943 5340        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:28:33.0958 5340        SiSRaid2 - ok
19:28:33.0974 5340        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:28:33.0989 5340        SiSRaid4 - ok
19:28:34.0005 5340        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:28:34.0036 5340        Smb - ok
19:28:34.0145 5340        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:28:34.0161 5340        SNMPTRAP - ok
19:28:34.0223 5340        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:28:34.0239 5340        spldr - ok
19:28:34.0270 5340        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:28:34.0317 5340        Spooler - ok
19:28:34.0442 5340        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:28:34.0567 5340        sppsvc - ok
19:28:34.0660 5340        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:28:34.0723 5340        sppuinotify - ok
19:28:34.0785 5340        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:28:34.0832 5340        srv - ok
19:28:34.0847 5340        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:28:34.0879 5340        srv2 - ok
19:28:34.0910 5340        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:28:34.0941 5340        srvnet - ok
19:28:34.0972 5340        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:28:35.0050 5340        SSDPSRV - ok
19:28:35.0066 5340        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:28:35.0097 5340        SstpSvc - ok
19:28:35.0144 5340        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:28:35.0159 5340        stexstor - ok
19:28:35.0191 5340        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:28:35.0237 5340        StiSvc - ok
19:28:35.0331 5340        stllssvr        (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:28:35.0347 5340        stllssvr - ok
19:28:35.0440 5340        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:28:35.0456 5340        swenum - ok
19:28:35.0503 5340        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:28:35.0534 5340        swprv - ok
19:28:35.0612 5340        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:28:35.0659 5340        SysMain - ok
19:28:35.0705 5340        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:28:35.0768 5340        TabletInputService - ok
19:28:35.0815 5340        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:28:35.0877 5340        TapiSrv - ok
19:28:35.0908 5340        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:28:35.0955 5340        TBS - ok
19:28:36.0064 5340        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:28:36.0111 5340        Tcpip - ok
19:28:36.0158 5340        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:28:36.0189 5340        TCPIP6 - ok
19:28:36.0220 5340        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:28:36.0283 5340        tcpipreg - ok
19:28:36.0329 5340        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:28:36.0376 5340        TDPIPE - ok
19:28:36.0407 5340        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:28:36.0423 5340        TDTCP - ok
19:28:36.0470 5340        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:28:36.0532 5340        tdx - ok
19:28:36.0579 5340        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:28:36.0595 5340        TermDD - ok
19:28:36.0657 5340        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:28:36.0704 5340        TermService - ok
19:28:36.0766 5340        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:28:36.0813 5340        Themes - ok
19:28:36.0860 5340        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:28:36.0907 5340        THREADORDER - ok
19:28:36.0969 5340        tmactmon        (230db9035fe3e53e98ae0762130f7f20) C:\Windows\system32\DRIVERS\tmactmon.sys
19:28:36.0985 5340        tmactmon - ok
19:28:37.0047 5340        TMBMServer      (b72fdff41390262c7d2d790ec77cf416) c:\Program Files\Trend Micro\BM\TMBMSRV.exe
19:28:37.0063 5340        TMBMServer - ok
19:28:37.0156 5340        tmcomm          (aa2bf2aae9abc27c7906bbe68f11d405) C:\Windows\system32\DRIVERS\tmcomm.sys
19:28:37.0187 5340        tmcomm - ok
19:28:37.0203 5340        tmevtmgr        (7cebb331bcc433d75c129f03c27841b8) C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:28:37.0219 5340        tmevtmgr - ok
19:28:37.0343 5340        tmlwf          (fba80cd8524476214fe8ed0384766e1c) C:\Windows\system32\DRIVERS\tmlwf.sys
19:28:37.0359 5340        tmlwf - ok
19:28:37.0468 5340        TmPfw          (cd32c0760e164ac6cc8ab4d9437218ac) c:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
19:28:37.0499 5340        TmPfw - ok
19:28:37.0624 5340        tmpreflt        (c7c7959ec0940e0eddfc881fed8ec214) C:\Windows\system32\DRIVERS\tmpreflt.sys
19:28:37.0640 5340        tmpreflt - ok
19:28:37.0765 5340        tmproxy        (dfe5f3a7ef837e117186113e63a8ff26) c:\Program Files\Trend Micro\Internet Security\TmProxy.exe
19:28:37.0780 5340        tmproxy - ok
19:28:37.0905 5340        tmtdi          (1cf2f398e08592985a5bd1bbef59d043) C:\Windows\system32\DRIVERS\tmtdi.sys
19:28:37.0921 5340        tmtdi - ok
19:28:37.0967 5340        tmwfp          (18a609d1dfd990336e9011b2170b7d06) C:\Windows\system32\DRIVERS\tmwfp.sys
19:28:37.0999 5340        tmwfp - ok
19:28:38.0092 5340        tmxpflt        (3e615f370f0c7db414b6bcd1c18399d4) C:\Windows\system32\DRIVERS\tmxpflt.sys
19:28:38.0108 5340        tmxpflt - ok
19:28:38.0217 5340        TOSHIBA Bluetooth Service (ac88d258f20909eeb91796f490cfbb73) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:28:38.0233 5340        TOSHIBA Bluetooth Service - ok
19:28:38.0326 5340        tosporte        (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys
19:28:38.0342 5340        tosporte - ok
19:28:38.0467 5340        tosrfbd        (b168b345fb7073930c31e0d8b85e8353) C:\Windows\system32\DRIVERS\tosrfbd.sys
19:28:38.0482 5340        tosrfbd - ok
19:28:38.0591 5340        tosrfbnp        (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys
19:28:38.0607 5340        tosrfbnp - ok
19:28:38.0732 5340        Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys
19:28:38.0732 5340        Tosrfcom - ok
19:28:38.0779 5340        Tosrfhid        (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys
19:28:38.0794 5340        Tosrfhid - ok
19:28:38.0794 5340        tosrfnds        (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys
19:28:38.0810 5340        tosrfnds - ok
19:28:38.0857 5340        Tosrfusb        (97529d04178bf604c62c5be4b8bb2129) C:\Windows\system32\DRIVERS\tosrfusb.sys
19:28:38.0872 5340        Tosrfusb - ok
19:28:38.0919 5340        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:28:38.0981 5340        TrkWks - ok
19:28:39.0137 5340        TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
19:28:39.0153 5340        TrojanKillerDriver - ok
19:28:39.0215 5340        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:28:39.0293 5340        TrustedInstaller - ok
19:28:39.0387 5340        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:28:39.0418 5340        tssecsrv - ok
19:28:39.0465 5340        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:28:39.0496 5340        TsUsbFlt - ok
19:28:39.0637 5340        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:28:39.0683 5340        tunnel - ok
19:28:39.0715 5340        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:28:39.0715 5340        uagp35 - ok
19:28:39.0761 5340        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:28:39.0808 5340        udfs - ok
19:28:39.0855 5340        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:28:39.0886 5340        UI0Detect - ok
19:28:39.0995 5340        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:28:40.0027 5340        uliagpkx - ok
19:28:40.0073 5340        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:28:40.0105 5340        umbus - ok
19:28:40.0136 5340        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:28:40.0183 5340        UmPass - ok
19:28:40.0229 5340        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:28:40.0276 5340        upnphost - ok
19:28:40.0354 5340        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:28:40.0385 5340        USBAAPL - ok
19:28:40.0432 5340        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:28:40.0463 5340        usbaudio - ok
19:28:40.0495 5340        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:28:40.0541 5340        usbccgp - ok
19:28:40.0588 5340        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:28:40.0635 5340        usbcir - ok
19:28:40.0666 5340        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:28:40.0682 5340        usbehci - ok
19:28:40.0713 5340        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:28:40.0775 5340        usbhub - ok
19:28:40.0791 5340        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
19:28:40.0822 5340        usbohci - ok
19:28:40.0869 5340        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:28:40.0900 5340        usbprint - ok
19:28:40.0931 5340        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:28:40.0978 5340        USBSTOR - ok
19:28:41.0009 5340        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:28:41.0025 5340        usbuhci - ok
19:28:41.0103 5340        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:28:41.0150 5340        usbvideo - ok
19:28:41.0181 5340        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:28:41.0243 5340        UxSms - ok
19:28:41.0259 5340        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:28:41.0275 5340        VaultSvc - ok
19:28:41.0353 5340        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:28:41.0368 5340        vdrvroot - ok
19:28:41.0415 5340        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:28:41.0509 5340        vds - ok
19:28:41.0633 5340        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:28:41.0649 5340        vga - ok
19:28:41.0665 5340        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:28:41.0696 5340        VgaSave - ok
19:28:41.0743 5340        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:28:41.0758 5340        vhdmp - ok
19:28:41.0805 5340        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:28:41.0821 5340        viaagp - ok
19:28:41.0852 5340        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:28:41.0883 5340        ViaC7 - ok
19:28:41.0930 5340        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:28:41.0945 5340        viaide - ok
19:28:41.0977 5340        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:28:41.0992 5340        volmgr - ok
19:28:42.0039 5340        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:28:42.0055 5340        volmgrx - ok
19:28:42.0101 5340        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:28:42.0117 5340        volsnap - ok
19:28:42.0195 5340        vsapint        (60dfbc34228ca36221b03460789f5d4e) C:\Windows\system32\DRIVERS\vsapint.sys
19:28:42.0273 5340        vsapint - ok
19:28:42.0398 5340        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:28:42.0413 5340        vsmraid - ok
19:28:42.0476 5340        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:28:42.0569 5340        VSS - ok
19:28:42.0679 5340        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:28:42.0725 5340        vwifibus - ok
19:28:42.0835 5340        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:28:42.0866 5340        vwififlt - ok
19:28:42.0913 5340        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:28:42.0959 5340        W32Time - ok
19:28:43.0006 5340        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:28:43.0037 5340        WacomPen - ok
19:28:43.0069 5340        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:28:43.0115 5340        WANARP - ok
19:28:43.0131 5340        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:28:43.0147 5340        Wanarpv6 - ok
19:28:43.0240 5340        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
19:28:43.0303 5340        WatAdminSvc - ok
19:28:43.0365 5340        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:28:43.0427 5340        wbengine - ok
19:28:43.0521 5340        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:28:43.0568 5340        WbioSrvc - ok
19:28:43.0615 5340        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:28:43.0661 5340        wcncsvc - ok
19:28:43.0693 5340        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:28:43.0724 5340        WcsPlugInService - ok
19:28:43.0771 5340        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:28:43.0786 5340        Wd - ok
19:28:43.0817 5340        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:28:43.0833 5340        Wdf01000 - ok
19:28:43.0880 5340        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:28:43.0911 5340        WdiServiceHost - ok
19:28:43.0911 5340        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:28:43.0927 5340        WdiSystemHost - ok
19:28:43.0973 5340        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:28:44.0036 5340        WebClient - ok
19:28:44.0067 5340        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:28:44.0098 5340        Wecsvc - ok
19:28:44.0114 5340        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:28:44.0145 5340        wercplsupport - ok
19:28:44.0192 5340        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:28:44.0223 5340        WerSvc - ok
19:28:44.0332 5340        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:28:44.0379 5340        WfpLwf - ok
19:28:44.0410 5340        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:28:44.0426 5340        WIMMount - ok
19:28:44.0473 5340        winachsf        (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:28:44.0504 5340        winachsf - ok
19:28:44.0597 5340        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:28:44.0644 5340        WinDefend - ok
19:28:44.0644 5340        WinHttpAutoProxySvc - ok
19:28:44.0753 5340        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:28:44.0785 5340        Winmgmt - ok
19:28:44.0847 5340        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:28:44.0909 5340        WinRM - ok
19:28:45.0050 5340        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:28:45.0097 5340        WinUsb - ok
19:28:45.0143 5340        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:28:45.0221 5340        Wlansvc - ok
19:28:45.0409 5340        wlidsvc        (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:28:45.0487 5340        wlidsvc - ok
19:28:45.0518 5340        wltrysvc        (3cbce0c65cc433121001c1108b511d13) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
19:28:45.0549 5340        wltrysvc ( UnsignedFile.Multi.Generic ) - warning
19:28:45.0549 5340        wltrysvc - detected UnsignedFile.Multi.Generic (1)
19:28:45.0658 5340        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:28:45.0674 5340        WmiAcpi - ok
19:28:45.0752 5340        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:28:45.0783 5340        wmiApSrv - ok
19:28:45.0923 5340        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:28:46.0001 5340        WMPNetworkSvc - ok
19:28:46.0095 5340        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:28:46.0126 5340        WPCSvc - ok
19:28:46.0157 5340        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:28:46.0204 5340        WPDBusEnum - ok
19:28:46.0251 5340        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:28:46.0313 5340        ws2ifsl - ok
19:28:46.0329 5340        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
19:28:46.0376 5340        wscsvc - ok
19:28:46.0391 5340        WSearch - ok
19:28:46.0485 5340        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
19:28:46.0579 5340        wuauserv - ok
19:28:46.0641 5340        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:28:46.0672 5340        WudfPf - ok
19:28:46.0797 5340        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:28:46.0844 5340        WUDFRd - ok
19:28:46.0891 5340        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:28:46.0922 5340        wudfsvc - ok
19:28:46.0953 5340        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:28:47.0015 5340        WwanSvc - ok
19:28:47.0047 5340        XAudio          (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
19:28:47.0062 5340        XAudio - ok
19:28:47.0187 5340        ZTEusbmdm6k    (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:28:47.0218 5340        ZTEusbmdm6k - ok
19:28:47.0343 5340        ZTEusbnmea      (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:28:47.0359 5340        ZTEusbnmea - ok
19:28:47.0390 5340        ZTEusbser6k    (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:28:47.0390 5340        ZTEusbser6k - ok
19:28:47.0437 5340        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:28:47.0655 5340        \Device\Harddisk0\DR0 - ok
19:28:47.0655 5340        Boot (0x1200)  (326a9eddc7b4339130e9adfd28726acf) \Device\Harddisk0\DR0\Partition0
19:28:47.0655 5340        \Device\Harddisk0\DR0\Partition0 - ok
19:28:47.0686 5340        Boot (0x1200)  (a8f4572e7aa97c705437f715f09ab4a4) \Device\Harddisk0\DR0\Partition1
19:28:47.0702 5340        \Device\Harddisk0\DR0\Partition1 - ok
19:28:47.0702 5340        ============================================================
19:28:47.0702 5340        Scan finished
19:28:47.0702 5340        ============================================================
19:28:47.0764 3404        Detected object count: 3
19:28:47.0764 3404        Actual detected object count: 3
19:29:37.0468 3404        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:37.0468 3404        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:37.0468 3404        mdvrmng ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:37.0468 3404        mdvrmng ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:29:37.0484 3404        wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:29:37.0484 3404        wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:30:23.0582 0368        Deinitialize success


cosinus 24.03.2012 19:43

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

jowizzzal 24.03.2012 20:06

Combofix Logfile:
Code:

ComboFix 12-03-22.01 - Jo 24.03.2012  19:54:21.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2012.1261 [GMT 1:00]
ausgeführt von:: c:\users\Jo\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jo\AppData\Roaming\AcroIEHelpe.txt
c:\users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
c:\users\Jo\AppData\Roaming\srvblck2.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-24 bis 2012-03-24  ))))))))))))))))))))))))))))))
.
.
2012-03-24 19:01 . 2012-03-24 19:02        --------        d-----w-        c:\users\Jo\AppData\Local\temp
2012-03-24 19:01 . 2012-03-24 19:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-24 19:00 . 2012-03-24 19:00        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA997FC-810B-4B82-81B0-5F04A595417F}\offreg.dll
2012-03-24 18:06 . 2012-03-24 18:06        --------        d-----w-        C:\_OTL
2012-03-23 15:50 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FA997FC-810B-4B82-81B0-5F04A595417F}\mpengine.dll
2012-03-20 15:43 . 2012-03-20 15:43        --------        d-----w-        c:\users\Jo\AppData\Roaming\Malwarebytes
2012-03-20 15:43 . 2012-03-20 15:43        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-20 15:43 . 2012-03-20 15:43        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-20 15:43 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-20 15:19 . 2012-03-20 15:32        --------        d-----w-        c:\program files\GridinSoft Trojan Killer
2012-03-18 12:37 . 2012-03-18 12:38        --------        d-----w-        c:\program files\CCleaner
2012-03-18 12:36 . 2012-03-18 12:38        --------        d-----w-        c:\users\Jo\AppData\Local\Google
2012-03-18 12:36 . 2012-03-18 12:37        --------        d-----w-        c:\program files\Google
2012-03-15 02:01 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-15 02:01 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 13:51 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 13:51 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 13:50 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:50 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 13:50 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:50 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 13:50 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:50 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-10 20:33 . 2012-03-10 20:34        --------        d-----w-        c:\program files\v-Grabber
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-24 12:23 . 2011-08-07 15:31        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-05-19 07:22        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-08 16:51 . 2012-02-08 16:51        65536        ----a-r-        c:\users\Jo\AppData\Roaming\Microsoft\Installer\{8D71174A-31A3-4523-8A52-8602B6099AC2}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-01-04 14:28 . 2012-01-04 14:28        16128        ----a-w-        c:\windows\system32\drivers\gtkdrv.sys
2012-01-04 08:58 . 2012-02-15 07:55        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 07:55        478720        ----a-w-        c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-08-12 1398024]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2009-10-17 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54        4240760        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49        14940040        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 136176]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-04 38400]
R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-08-12 488768]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-12 648456]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-10 1343400]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-08-12 142352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Apache2.2;Apache2.2;c:\xammp\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-06-30 49152]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2009-08-12 50192]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-12-04 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-08-12 235024]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41690919
*NewlyCreated* - 97635685
*Deregistered* - 41690919
*Deregistered* - 97635685
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 12:36]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-18 12:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.18.0.5 212.18.3.5 192.168.77.1
TCP: Interfaces\{7B00989C-9452-44BD-B6B9-D5D8BF77283C}: NameServer = 217.171.135.1 217.171.132.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-8570042-888220694-3765887851-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-24  20:04:18
ComboFix-quarantined-files.txt  2012-03-24 19:04
.
Vor Suchlauf: 11 Verzeichnis(se), 140.019.015.680 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 139.585.716.224 Bytes frei
.
- - End Of File - - 71D51F0A6D4A389B82D99DF0BF4C9FBE

--- --- ---
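
A small triage script for the ComboFix log layout posted above, added here as an example and not part of this thread or of ComboFix itself: it parses the removed-files section and the Run/RunOnce autostart section and flags autostart entries whose executable sits in a user-writable directory or in the same folder as a removed file. The sample log is constructed from a few of the posted lines plus one invented "ConstructedExample" entry, and the user-writable path markers are an assumed heuristic, not ComboFix logic.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the layout of the ComboFix log above: the removed-files
# section and the HKLM Run/RunOnce autostart section.  The last Run entry
# ("ConstructedExample") is invented so that the heuristic has something to flag.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jo\AppData\Roaming\AcroIEHelpe.txt
c:\users\Jo\AppData\Roaming\BAcroIEHelpe089.dll
c:\users\Jo\AppData\Roaming\srvblck2.tmp
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"ConstructedExample"="c:\users\Jo\AppData\Roaming\constructed_example.exe" [2012-03-20 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2009-10-17 7168]
.
"""

# Section banners look like "((((  Title  ))))", registry keys like "[HKEY_...]",
# and autostart values like  "Name"="path" [YYYY-MM-DD size].
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)

# Assumed heuristic (not ComboFix logic): a persistence entry whose binary lives in a
# location a normal user can write to deserves a second look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    date: str
    size: int

    @property
    def in_user_writable_dir(self) -> bool:
        lowered = self.path.lower()
        return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def parse_combofix(text: str):
    """Return (removed_files, autostart_entries) parsed from ComboFix log text."""
    removed, autostarts = [], []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        if (m := SECTION_RE.match(line)):
            section, key = m.group(1), None
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if section == "Weitere Löschungen":
            removed.append(line)
        elif section == "Autostartpunkte der Registrierung" and key:
            if (m := VALUE_RE.match(line)):
                autostarts.append(
                    AutostartEntry(key, m["name"], m["path"], m["date"], int(m["size"]))
                )
    return removed, autostarts


def flag_user_writable(entries):
    """Autostart entries whose executable sits in a user-writable directory."""
    return [e for e in entries if e.in_user_writable_dir]


def flag_same_dir_as_removed(removed, entries):
    """Autostart entries that live in a folder from which ComboFix removed a file."""
    removed_dirs = {ntpath.dirname(p).lower() for p in removed}
    return [e for e in entries if ntpath.dirname(e.path).lower() in removed_dirs]


if __name__ == "__main__":
    removed, autostarts = parse_combofix(SAMPLE_LOG)
    print(f"{len(removed)} file(s) removed, {len(autostarts)} autostart entries parsed")
    for e in flag_user_writable(autostarts):
        print(f"REVIEW   {e.name} -> {e.path}  [{e.date}, {e.size} bytes]")
    for e in flag_same_dir_as_removed(removed, autostarts):
        print(f"SAME DIR {e.name} shares a folder with a removed file")
```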

cosinus 24.03.2012 20:08

Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


jowizzzal 24.03.2012 20:42

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-24 20:42:09
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-75A23T0 rev.01.01A01
Running: ijxuv89s.exe; Driver: C:\Users\Jo\AppData\Local\Temp\uxldapow.sys


---- System - GMER 1.0.15 ----

SSDT            87100000                                                                                        ZwCreateKey
SSDT            870FF240                                                                                        ZwCreateProcess
SSDT            870FF500                                                                                        ZwCreateProcessEx
SSDT            87100E60                                                                                        ZwCreateThread
SSDT            87101000                                                                                        ZwCreateThreadEx
SSDT            870FF7C0                                                                                        ZwCreateUserProcess
SSDT            87100580                                                                                        ZwDeleteKey
SSDT            87100840                                                                                        ZwDeleteValueKey
SSDT            871011A0                                                                                        ZwLoadDriver
SSDT            870FFA80                                                                                        ZwOpenProcess
SSDT            871002C0                                                                                        ZwSetValueKey
SSDT            870FFD40                                                                                        ZwTerminateProcess
SSDT            87100CC0                                                                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1                                                                    82C8D3D9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82CC6D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11BF                                                              82CCDEB4 4 Bytes  [00, 00, 10, 87]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11E3                                                              82CCDED8 8 Bytes  [40, F2, 0F, 87, 00, F5, 0F, ...]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1203                                                              82CCDEF8 8 Bytes  [60, 0E, 10, 87, 00, 10, 10, ...] {PUSHA ; PUSH CS; ADC [EDI-0x78eff000], AL}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 121B                                                              82CCDF10 4 Bytes  [C0, F7, 0F, 87]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1243                                                              82CCDF38 4 Bytes  [80, 05, 10, 87]
.text          ...                                                                                             
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                      Das System kann die angegebene Datei nicht finden. !
?              C:\Users\Jo\AppData\Local\Temp\catchme.sys                                                      Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000050                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                          tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713afcee2                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713afcee2 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

That is the GMER log...next comes OSAM...many thanks for the support.

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:50:22 on 24.03.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Google Inc. Google Chrome 17.0.963.83

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"CPLNumark_NS6.cpl" - "Numark" - C:\Windows\system32\CPLNumark_NS6.cpl
"CPLNumark_NS7.cpl" - "Numark" - C:\Windows\system32\CPLNumark_NS7.cpl
"CPLNumark_V7.cpl" - "Numark" - C:\Windows\system32\CPLNumark_V7.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\Jo\AppData\Local\Temp\catchme.sys  (File not found)
"GridinSoft Trojan Killer Driver" (TrojanKillerDriver) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\gtkdrv.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Mobile IP Route Manager" (mdvrmng) - ? - C:\Windows\system32\drivers\mdvrmng.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"tmactmon" (tmactmon) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmactmon.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmcomm.sys
"tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmevtmgr.sys
"tmpreflt" (tmpreflt) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmpreflt.sys
"tmxpflt" (tmxpflt) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmxpflt.sys
"uxldapow" (uxldapow) - ? - C:\Users\Jo\AppData\Local\Temp\uxldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"vsapint" (vsapint) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\vsapint.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -   (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{48F45200-91E6-11CE-8A4F-0080C81A28D4} "TMD Shell Extension" - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
{771A9DA0-731A-11CE-993C-00AA004ADB6C} "VBPropSheet" - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\VBProp.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
"DBRMTray" - "Microsoft" - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
"Dell Webcam Central" - "Creative Technology Ltd" - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UfSeAgnt.exe" - "Trend Micro Inc." - "c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"DBRMTray" - "Microsoft" - C:\Dell\DBRM\Reminder\TrayApp.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzlllhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpzlllhn.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xammp\xampp\apache\bin\httpd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BecHelperService" (BecHelperService) - ? - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe  (File found, but it contains no detailed information)
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MySQL" (MySQL) - "MySQL AB" - C:\xammp\xampp\mysql\bin\mysqld.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"Trend Micro Personal Firewall" (TmPfw) - "Trend Micro Inc." - c:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"Trend Micro Proxy Service" (tmproxy) - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"Trend Micro Unauthorized Change Prevention Service" (TMBMServer) - "Trend Micro Inc." - c:\Program Files\Trend Micro\BM\TMBMSRV.exe
"Trend Micro Zentrale Steuerkomponente" (SfCtlCom) - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:50:22 on 24.03.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Google Inc. Google Chrome 17.0.963.83

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"CPLNumark_NS6.cpl" - "Numark" - C:\Windows\system32\CPLNumark_NS6.cpl
"CPLNumark_NS7.cpl" - "Numark" - C:\Windows\system32\CPLNumark_NS7.cpl
"CPLNumark_V7.cpl" - "Numark" - C:\Windows\system32\CPLNumark_V7.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\Jo\AppData\Local\Temp\catchme.sys  (File not found)
"GridinSoft Trojan Killer Driver" (TrojanKillerDriver) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\gtkdrv.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Mobile IP Route Manager" (mdvrmng) - ? - C:\Windows\system32\drivers\mdvrmng.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"tmactmon" (tmactmon) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmactmon.sys
"tmcomm" (tmcomm) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmcomm.sys
"tmevtmgr" (tmevtmgr) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmevtmgr.sys
"tmpreflt" (tmpreflt) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmpreflt.sys
"tmxpflt" (tmxpflt) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmxpflt.sys
"uxldapow" (uxldapow) - ? - C:\Users\Jo\AppData\Local\Temp\uxldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"vsapint" (vsapint) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\vsapint.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? -  (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{48F45200-91E6-11CE-8A4F-0080C81A28D4} "TMD Shell Extension" - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
{771A9DA0-731A-11CE-993C-00AA004ADB6C} "VBPropSheet" - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\VBProp.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
"DBRMTray" - "Microsoft" - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
"Dell Webcam Central" - "Creative Technology Ltd" - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UfSeAgnt.exe" - "Trend Micro Inc." - "c:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"DBRMTray" - "Microsoft" - C:\Dell\DBRM\Reminder\TrayApp.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzlllhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpzlllhn.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xammp\xampp\apache\bin\httpd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BecHelperService" (BecHelperService) - ? - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe  (File found, but it contains no detailed information)
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MySQL" (MySQL) - "MySQL AB" - C:\xammp\xampp\mysql\bin\mysqld.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"Trend Micro Personal Firewall" (TmPfw) - "Trend Micro Inc." - c:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"Trend Micro Proxy Service" (tmproxy) - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\TmProxy.exe
"Trend Micro Unauthorized Change Prevention Service" (TMBMServer) - "Trend Micro Inc." - c:\Program Files\Trend Micro\BM\TMBMSRV.exe
"Trend Micro Zentrale Steuerkomponente" (SfCtlCom) - "Trend Micro Inc." - c:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-24 20:56:03
-----------------------------
20:56:03.458    OS Version: Windows 6.1.7601 Service Pack 1
20:56:03.458    Number of processors: 2 586 0x170A
20:56:03.474    ComputerName: LAPTOP  UserName: Jo
20:56:05.486    Initialize success
20:58:57.624    AVAST engine defs: 12032400
21:00:19.696    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:00:19.696    Disk 0 Vendor: WDC_WD2500BEVT-75A23T0 01.01A01 Size: 238475MB BusType: 11
21:00:19.961    Disk 0 MBR read successfully
21:00:19.961    Disk 0 MBR scan
21:00:19.977    Disk 0 Windows VISTA default MBR code
21:00:20.008    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      39 MB offset 63
21:00:20.070    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 80325
21:00:20.133    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      223434 MB offset 30800325
21:00:20.320    Disk 0 scanning sectors +488395120
21:00:20.725    Disk 0 scanning C:\Windows\system32\drivers
21:01:55.043    Service scanning
21:02:23.591    Modules scanning
21:04:44.584    Disk 0 trace - called modules:
21:04:44.631   
21:04:45.988    AVAST engine scan C:\Windows
21:05:50.791    AVAST engine scan C:\Windows\system32
21:24:06.730    AVAST engine scan C:\Windows\system32\drivers
21:27:00.100    AVAST engine scan C:\Users\Jo
21:45:01.086    AVAST engine scan C:\ProgramData
21:51:58.150    Scan finished successfully
22:07:32.274    Disk 0 MBR has been saved successfully to "C:\Users\Jo\Desktop\MBR.dat"
22:07:32.274    The log file has been saved successfully to "C:\Users\Jo\Desktop\aswMBR.txt"


cosinus 25.03.2012 14:23

Looks okay so far.

Quote:

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
I can only advise against a personal firewall (PFW). Can you uninstall it? If so, do that and enable the Windows Firewall.

Please also run full scans with Malwarebytes and SASW as a check and post the logs.
Remember to update both tools before scanning!!

jowizzzal 26.03.2012 16:03

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/26/2012 at 04:58 PM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type      : Complete Scan
Total Scan Time : 00:47:23

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 756
Memory threats detected  : 0
Registry items scanned    : 34336
Registry threats detected : 0
File items scanned        : 40487
File threats detected    : 184

Adware.Tracking Cookie
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\36OA7BRX.txt [ /webmasterplan.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\94U8QPVW.txt [ /content.yieldmanager.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\DG90TVTP.txt [ /mediafire.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\LBIW3BJM.txt [ /ru4.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\91E6W7BW.txt [ /static.freewebs.getclicky.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\IKXLCMWZ.txt [ /dyntracker.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\K1S2B6S2.txt [ /ads.ad4game.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\DRYFZPX1.txt [ /ad.propellerads.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\CMHBAVKY.txt [ /ads.blog.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\2IKYVAYN.txt [ /partypoker.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\0CUPSHLF.txt [ /smartadserver.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\1PZQWL8A.txt [ /yieldmanager.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\36GMRQJ5.txt [ /eas.apm.emediate.eu ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\W80BFTJT.txt [ /ads.glispa.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\4TG8TL9H.txt [ /www.zanox-affiliate.de ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\F18HPZBM.txt [ /ads.movierelics.de ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\E3CCTZP9.txt [ /mediaplex.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\Q2HGE5FU.txt [ /adtech.de ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\QZUC9NZ8.txt [ /wmedia.rotator.hadj7.adjuggler.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\DHUQRW72.txt [ /ads.crakmedia.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\V6J1YR0U.txt [ /xiti.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\RBSVUQNC.txt [ /track.adform.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\XYEC1WZ3.txt [ /bs.serving-sys.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\0J8FUHYM.txt [ /apmebf.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\3IJDH2VI.txt [ /advertising.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\HE4EE1A2.txt [ /ads2.zeusclicks.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\WKX5YNT5.txt [ /specificclick.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\2CAWD7JD.txt [ /tracking.quisma.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\Q26ZQCRU.txt [ /lpa.trackfox2.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\DLCVW5CI.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\65M23838.txt [ /ads.depositfiles.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\5NONXBKO.txt [ /pornhub.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\TIVCGDFB.txt [ /media6degrees.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\8QMRPUXK.txt [ /invitemedia.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\M3U41T0E.txt [ /atdmt.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\IITDG1TU.txt [ /ad.zanox.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\0M94D3OY.txt [ /ads.creative-serving.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\VNLXU2YO.txt [ /adform.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\D05PFV9O.txt [ /ad.yieldmanager.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\FIMK11X3.txt [ /trafficasts.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\7SYJFZK5.txt [ /ad3.adfarm1.adition.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\2YBN9IA7.txt [ /lucidmedia.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\65CN29BQ.txt [ /at.atwola.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\C1HYJSLM.txt [ /ad6media.fr ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\1O2MC9VG.txt [ /rts.pgmediaserve.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\XQGILFWT.txt [ /exoclick.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\1NLIHVLW.txt [ /yadro.ru ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\WTW0KQQU.txt [ /www.youporn.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\RPM57BBK.txt [ /revsci.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\ED32UCRU.txt [ /serving-sys.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\VA9PSS5V.txt [ /adbrite.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\WCJLWBHG.txt [ /amazon-adsystem.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\51JME5Q7.txt [ /www4.smartadserver.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\LRTC94FO.txt [ /youporn.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\3PQER52Q.txt [ /doubleclick.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\ZLMFYQFE.txt [ /imrworldwide.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\F03NOZVW.txt [ /adxpansion.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\UI24EFFE.txt [ /a.trackfox2.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\CJBTYZCA.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\M1M2CF8N.txt [ /de.partypoker.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\JIXOVNW7.txt [ /freemediaforyou.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\YHNNM10P.txt [ /adfarm1.adition.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\U0NCSPP1.txt [ /adultfriendfinder.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\YBC6V82S.txt [ /zedo.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\RS0OVQ5X.txt [ /zanox.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\T5BB0RO3.txt [ /mmotraffic.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\WQ57NES5.txt [ /adviva.net ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\QDA2JPKG.txt [ /www.pornhub.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\813372I6.txt [ /pornografish.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\F9F60S13.txt [ /stat.ed.cupidplc.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\DVYGIJ9U.txt [ /girlsteachsex.com ]
        C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\7JXYH4UP.txt [ /ad.360yield.com ]
        C:\USERS\JO\Cookies\36OA7BRX.txt [ Cookie:jo@webmasterplan.com/ ]
        C:\USERS\JO\Cookies\94U8QPVW.txt [ Cookie:jo@content.yieldmanager.com/ ]
        C:\USERS\JO\Cookies\91E6W7BW.txt [ Cookie:jo@static.freewebs.getclicky.com/ ]
        C:\USERS\JO\Cookies\IKXLCMWZ.txt [ Cookie:jo@dyntracker.com/ ]
        C:\USERS\JO\Cookies\2IKYVAYN.txt [ Cookie:jo@partypoker.com/ ]
        C:\USERS\JO\Cookies\0CUPSHLF.txt [ Cookie:jo@smartadserver.com/ ]
        C:\USERS\JO\Cookies\1PZQWL8A.txt [ Cookie:jo@yieldmanager.net/ ]
        C:\USERS\JO\Cookies\36GMRQJ5.txt [ Cookie:jo@eas.apm.emediate.eu/ ]
        C:\USERS\JO\Cookies\4TG8TL9H.txt [ Cookie:jo@www.zanox-affiliate.de/ ]
        C:\USERS\JO\Cookies\E3CCTZP9.txt [ Cookie:jo@mediaplex.com/ ]
        C:\USERS\JO\Cookies\Q2HGE5FU.txt [ Cookie:jo@adtech.de/ ]
        C:\USERS\JO\Cookies\QZUC9NZ8.txt [ Cookie:jo@wmedia.rotator.hadj7.adjuggler.net/ ]
        C:\USERS\JO\Cookies\DHUQRW72.txt [ Cookie:jo@ads.crakmedia.com/ ]
        C:\USERS\JO\Cookies\V6J1YR0U.txt [ Cookie:jo@xiti.com/ ]
        C:\USERS\JO\Cookies\RBSVUQNC.txt [ Cookie:jo@track.adform.net/ ]
        C:\USERS\JO\Cookies\3IJDH2VI.txt [ Cookie:jo@advertising.com/ ]
        C:\USERS\JO\Cookies\HE4EE1A2.txt [ Cookie:jo@ads2.zeusclicks.com/ ]
        C:\USERS\JO\Cookies\2CAWD7JD.txt [ Cookie:jo@tracking.quisma.com/ ]
        C:\USERS\JO\Cookies\Q26ZQCRU.txt [ Cookie:jo@lpa.trackfox2.com/ ]
        C:\USERS\JO\Cookies\DLCVW5CI.txt [ Cookie:jo@ad1.adfarm1.adition.com/ ]
        C:\USERS\JO\Cookies\5NONXBKO.txt [ Cookie:jo@pornhub.com/ ]
        C:\USERS\JO\Cookies\TIVCGDFB.txt [ Cookie:jo@media6degrees.com/ ]
        C:\USERS\JO\Cookies\8QMRPUXK.txt [ Cookie:jo@invitemedia.com/ ]
        C:\USERS\JO\Cookies\IITDG1TU.txt [ Cookie:jo@ad.zanox.com/ ]
        C:\USERS\JO\Cookies\D05PFV9O.txt [ Cookie:jo@ad.yieldmanager.com/ ]
        C:\USERS\JO\Cookies\FIMK11X3.txt [ Cookie:jo@trafficasts.com/ ]
        C:\USERS\JO\Cookies\7SYJFZK5.txt [ Cookie:jo@ad3.adfarm1.adition.com/ ]
        C:\USERS\JO\Cookies\2YBN9IA7.txt [ Cookie:jo@lucidmedia.com/ ]
        C:\USERS\JO\Cookies\65CN29BQ.txt [ Cookie:jo@at.atwola.com/ ]
        C:\USERS\JO\Cookies\1O2MC9VG.txt [ Cookie:jo@rts.pgmediaserve.com/ ]
        C:\USERS\JO\Cookies\XQGILFWT.txt [ Cookie:jo@exoclick.com/ ]
        C:\USERS\JO\Cookies\1NLIHVLW.txt [ Cookie:jo@yadro.ru/ ]
        C:\USERS\JO\Cookies\WTW0KQQU.txt [ Cookie:jo@www.youporn.com/ ]
        C:\USERS\JO\Cookies\RPM57BBK.txt [ Cookie:jo@revsci.net/ ]
        C:\USERS\JO\Cookies\VA9PSS5V.txt [ Cookie:jo@adbrite.com/ ]
        C:\USERS\JO\Cookies\WCJLWBHG.txt [ Cookie:jo@amazon-adsystem.com/ ]
        C:\USERS\JO\Cookies\51JME5Q7.txt [ Cookie:jo@www4.smartadserver.com/ ]
        C:\USERS\JO\Cookies\3PQER52Q.txt [ Cookie:jo@doubleclick.net/ ]
        C:\USERS\JO\Cookies\ZLMFYQFE.txt [ Cookie:jo@imrworldwide.com/cgi-bin ]
        C:\USERS\JO\Cookies\UI24EFFE.txt [ Cookie:jo@a.trackfox2.com/ ]
        C:\USERS\JO\Cookies\CJBTYZCA.txt [ Cookie:jo@ad2.adfarm1.adition.com/ ]
        C:\USERS\JO\Cookies\M1M2CF8N.txt [ Cookie:jo@de.partypoker.com/ ]
        C:\USERS\JO\Cookies\JIXOVNW7.txt [ Cookie:jo@freemediaforyou.net/ ]
        C:\USERS\JO\Cookies\YHNNM10P.txt [ Cookie:jo@adfarm1.adition.com/ ]
        C:\USERS\JO\Cookies\U0NCSPP1.txt [ Cookie:jo@adultfriendfinder.com/ ]
        C:\USERS\JO\Cookies\RS0OVQ5X.txt [ Cookie:jo@zanox.com/ ]
        C:\USERS\JO\Cookies\T5BB0RO3.txt [ Cookie:jo@mmotraffic.com/ ]
        C:\USERS\JO\Cookies\WQ57NES5.txt [ Cookie:jo@adviva.net/ ]
        C:\USERS\JO\Cookies\QDA2JPKG.txt [ Cookie:jo@www.pornhub.com/ ]
        C:\USERS\JO\Cookies\813372I6.txt [ Cookie:jo@pornografish.com/ ]
        C:\USERS\JO\Cookies\DVYGIJ9U.txt [ Cookie:jo@girlsteachsex.com/ ]
        .kaspersky.122.2o7.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        www.googleadservices.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .xiti.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .gostats.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .gostats.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .imrworldwide.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .imrworldwide.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adtech.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adx.chip.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .specificclick.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .bs.serving-sys.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.adform.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .amazon-adsystem.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .amazon-adsystem.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        www.googleadservices.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .apmebf.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .mediaplex.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.adform.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adform.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .unister-adservices.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .unister-adservices.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox-affiliate.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        www.zanox-affiliate.de [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad1.adfarm1.adition.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        edates.traffective-tracking.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        edates.traffective-tracking.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        edates.traffective-tracking.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        edates.traffective-tracking.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        files.youporn.com [ C:\USERS\JO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NCQYU7N5 ]
        www.pornhub.com [ C:\USERS\JO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NCQYU7N5 ]

I use ONLY my Windows Firewall... I just tried to uninstall it, but unfortunately that didn't work.

Should I delete the "184 Items Found" with SUPERAntiSpyware (remove (n))?

A Malwarebytes log will follow.

cosinus 26.03.2012 18:28

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)

The Malwarebytes log is still missing.
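
The triage done above (everything listed is a cookie, nothing executable) can be scripted. The following Python is an added example, not part of the original thread and not code from any of the tools mentioned: it parses the entry shapes used in the cookie listing posted above (IE cookie files reported as `path [ /host ]` or `path [ Cookie:user@host/ ]`, Chrome cookie rows as `host [ ...\COOKIES ]`, Flash shared objects as `host [ ...\#SHAREDOBJECTS\... ]`), normalises the host names, and separates tracking artifacts from anything else that would need a human look. The sample entries are copied from the log above except for the last one, a constructed non-cookie line with a hypothetical path and detection name, included only to exercise that branch.

```python
import re
from collections import Counter

# Entry shapes as they appear in the listing above: "<left> [ <right> ]".
ENTRY_RE = re.compile(r"^\s*(?P<left>.+?)\s+\[\s*(?P<right>.*?)\s*\]\s*$")
# "Cookie:jo@imrworldwide.com/cgi-bin" -> host part after the '@'
COOKIE_MARKER_RE = re.compile(r"^Cookie:[^@]*@(?P<host>[^/\s]+)", re.IGNORECASE)
# A bare host name, optionally with the leading '.' Chrome stores for domain cookies
HOST_RE = re.compile(r"^\.?(?P<host>[A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def normalize_host(host):
    """Lower-case and drop a leading domain-cookie dot so IE and Chrome entries compare equal."""
    return host.strip().lstrip(".").lower()


def classify(line):
    """Classify one log entry.

    kind is 'cookie' (IE or Chrome cookie), 'flash_lso' (Flash shared object,
    also a tracking artifact), 'other' (not a cookie: needs a human look) or
    'unparsed' (line is not in the "X [ Y ]" shape at all).
    """
    m = ENTRY_RE.match(line)
    if not m:
        return {"kind": "unparsed", "host": None, "raw": line}
    left, right = m.group("left"), m.group("right")
    left_l, right_l = left.lower(), right.lower()

    # C:\USERS\JO\Cookies\X.txt [ Cookie:jo@host/path ]
    cm = COOKIE_MARKER_RE.match(right)
    if cm and "\\cookies\\" in left_l:
        return {"kind": "cookie", "host": normalize_host(cm.group("host")), "raw": line}

    # C:\Users\Jo\...\Cookies\X.txt [ /host ]
    if "\\cookies\\" in left_l and right.startswith("/"):
        hm = HOST_RE.match(right[1:])
        if hm:
            return {"kind": "cookie", "host": normalize_host(hm.group("host")), "raw": line}

    # host [ ...\CHROME\USER DATA\DEFAULT\COOKIES ]
    hm = HOST_RE.match(left)
    if hm and right_l.endswith("\\cookies"):
        return {"kind": "cookie", "host": normalize_host(hm.group("host")), "raw": line}

    # host [ ...\FLASH PLAYER\#SHAREDOBJECTS\... ]
    if hm and "#sharedobjects" in right_l:
        return {"kind": "flash_lso", "host": normalize_host(hm.group("host")), "raw": line}

    return {"kind": "other", "host": None, "raw": line}


def triage(lines):
    """Summarise a block of findings: how many are tracking artifacts, which hosts
    set them, and which entries are NOT cookies and therefore need attention."""
    results = [classify(l) for l in lines if l.strip()]
    counts = Counter(r["kind"] for r in results)
    hosts = sorted({r["host"] for r in results if r["host"]})
    needs_attention = [r["raw"].strip() for r in results if r["kind"] in ("other", "unparsed")]
    return {
        "counts": dict(counts),
        "hosts": hosts,
        "needs_attention": needs_attention,
        "cookies_only": not needs_attention,
    }


# First five lines copied from the listing above; the last line is CONSTRUCTED
# (hypothetical path and detection name) only to show the non-cookie branch.
SAMPLE_FINDINGS = r"""
C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\2IKYVAYN.txt [ /partypoker.com ]
C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Cookies\3PQER52Q.txt [ /doubleclick.net ]
C:\USERS\JO\Cookies\ZLMFYQFE.txt [ Cookie:jo@imrworldwide.com/cgi-bin ]
.doubleclick.net [ C:\USERS\JO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
files.youporn.com [ C:\USERS\JO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NCQYU7N5 ]
C:\Users\Jo\AppData\Local\Temp\example_dropper.exe [ Trojan.Agent/Gen-Example ]
""".splitlines()

if __name__ == "__main__":
    summary = triage(SAMPLE_FINDINGS)
    print("counts:", summary["counts"])
    print("tracking hosts:", ", ".join(summary["hosts"]))
    for entry in summary["needs_attention"]:
        print("NEEDS ATTENTION:", entry)
```

Run it against the whole posted listing (paste the lines into `SAMPLE_FINDINGS` or read them from a file) and `cookies_only` tells you whether the verdict "only cookies" holds; any entry that lands in `needs_attention` is what to post for a helper to look at.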

jowizzzal 26.03.2012 18:44

Code:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jo :: LAPTOP [Administrator]

Protection: Enabled

26.03.2012 17:11:19
mbam-log-2012-03-26 (17-11-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309564
Time elapsed: 1 hour(s), 26 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

No further findings from Malwarebytes... what do you recommend... should I reinstall the system from scratch? Best regards and have a nice evening

cosinus 26.03.2012 18:51

Quote:

...what do you recommend... should I reinstall the system from scratch?
Reinstall because? :confused: ...because there are now no findings other than cookies? I don't follow that logic, please explain how you arrive at it!
We could have saved ourselves all this hassle if you wanted to wipe everything and reinstall anyway :wtf:

jowizzzal 26.03.2012 21:16

Very good! I see it exactly the same way, it was a hell of a lot of work! :abklatsch:

Since there apparently are still remnants somewhere in the Windows tangle, I just want to be on the safe side. I use my laptop for online banking and online shopping, among other things..

Can my passwords or similar be spied out by means of cookies?

Thanks a lot for the help!

cosinus 27.03.2012 10:20

Quote:

Can my passwords or similar be spied out by means of cookies?
Yes, that can always have happened; there is no such thing as 100% security.
That's why, after an incident like this, you can simply change all your passwords.

jowizzzal 28.03.2012 22:04

So the risk that my new passwords get spied out, after all the "scanning" and virus removal, is not there?

cosinus 29.03.2012 13:45

Quote:

my new passwords get spied out, is not there?
I'm no :glaskugel: but it may have happened. There are hundreds of variants of this pest, some of them may also steal passwords, but how am I supposed to know that, and how exactly am I supposed to see that you had one of those? That's not possible, which is why you simply change all your passwords after the cleanup!


Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages about that. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Cleanup (Bereinigung).
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide is below. To keep a better overview of how up to date your installed programs are, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS Update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software, and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

jowizzzal 04.04.2012 00:15

All right, I've done everything so far. Runs like before..

Thanks again for your help!


Happy Easter and best regards :-)


Copyright ©2000-2024, Trojaner-Board