'EXP/Agent.AG' [exploit] gefunden

DanSkorksi · 19.09.2011, 13:03

Guten Tag!

Eben wurde durch AVIRA 'EXP/Agent.AG' [exploit] auf meinem Rechner gefunden. Die Datei wurde durch AVIRA ins Quarantäneverzeichnis verschoben. Nachdem ich auf Firefox 6.0.2 updaten wollte, verlangte dieser erstmals im Administratoren-Modus für das Udate die Eingabe des Administratorenpassworts, was ich natürlich nicht getan habe. Wie könnte ich weiter vorgehen? Malwarebytes und ein erneuter AVIRA-Scan haben nichts mehr gefunden.

Vielen Dank
Dan

cosinus · 19.09.2011, 13:46

Log von AntiVir fehlt...

DanSkorksi · 19.09.2011, 13:51

Zitat:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 19. September 2011 11:35

Es wird nach 3382851 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : DAN-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 16:49:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 28.06.2011 20:45:06
AVSCAN.DLL : 10.0.5.0 57192 Bytes 28.06.2011 20:45:06
LUKE.DLL : 10.3.0.5 45416 Bytes 28.06.2011 20:45:07
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 28.06.2011 20:45:07
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 08:39:56
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 07:27:22
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 08:27:51
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 22:19:31
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 14:13:36
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 12:01:52
VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 12:01:52
VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 12:01:52
VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 12:01:52
VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 12:01:52
VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 12:01:52
VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 12:01:52
VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 09:56:33
VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 09:56:33
VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 09:56:34
VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 14:28:47
VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 16:55:27
VBASE018.VDF : 7.11.14.16 141312 Bytes 30.08.2011 17:05:41
VBASE019.VDF : 7.11.14.48 133120 Bytes 31.08.2011 18:20:29
VBASE020.VDF : 7.11.14.78 156160 Bytes 02.09.2011 07:12:04
VBASE021.VDF : 7.11.14.109 126976 Bytes 06.09.2011 11:39:23
VBASE022.VDF : 7.11.14.137 131584 Bytes 08.09.2011 18:42:53
VBASE023.VDF : 7.11.14.166 196096 Bytes 12.09.2011 06:04:37
VBASE024.VDF : 7.11.14.193 184832 Bytes 14.09.2011 06:51:07
VBASE025.VDF : 7.11.14.215 125952 Bytes 16.09.2011 13:46:35
VBASE026.VDF : 7.11.14.216 2048 Bytes 16.09.2011 13:46:35
VBASE027.VDF : 7.11.14.217 2048 Bytes 16.09.2011 13:46:35
VBASE028.VDF : 7.11.14.218 2048 Bytes 16.09.2011 13:46:36
VBASE029.VDF : 7.11.14.219 2048 Bytes 16.09.2011 13:46:36
VBASE030.VDF : 7.11.14.220 2048 Bytes 16.09.2011 13:46:36
VBASE031.VDF : 7.11.14.223 43520 Bytes 16.09.2011 13:46:36
Engineversion : 8.2.6.64
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:22:51
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 27.08.2011 16:55:31
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.2.1.34 323957 Bytes 25.06.2011 22:19:31
AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 18:42:57
AEPACK.DLL : 8.2.10.10 684407 Bytes 05.09.2011 07:12:16
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 18.09.2011 13:46:39
AEHEUR.DLL : 8.1.2.169 3703160 Bytes 18.09.2011 13:46:39
AEHELP.DLL : 8.1.17.7 254327 Bytes 29.07.2011 08:19:26
AEGEN.DLL : 8.1.5.9 401780 Bytes 27.08.2011 16:55:28
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.23.0 196983 Bytes 27.08.2011 16:55:28
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 28.06.2011 20:45:06
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 07:37:00
AVARKT.DLL : 10.0.26.1 255336 Bytes 28.06.2011 20:45:06
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 28.06.2011 20:45:06
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 28.06.2011 20:45:06
RCTEXT.DLL : 10.0.64.0 98664 Bytes 28.06.2011 20:45:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4eb1a64b\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 19. September 2011 11:35

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOUNDMAN.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\qjjqew3b.default\Cache\A\7E\98E04d01'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\qjjqew3b.default\Cache\A\7E\98E04d01
[0] Archivtyp: SWC
[FUND] Enthält Erkennungsmuster des Exploits EXP/Agent.AG
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4895a19f.qua' verschoben!

Ende des Suchlaufs: Montag, 19. September 2011 11:35
Benötigte Zeit: 00:48 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
13 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
12 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
23350 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

[QUOTE]
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 19. September 2011 11:56

Es wird nach 3382851 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Dan
Computername : DAN-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 16:49:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 28.06.2011 20:45:06
AVSCAN.DLL : 10.0.5.0 57192 Bytes 28.06.2011 20:45:06
LUKE.DLL : 10.3.0.5 45416 Bytes 28.06.2011 20:45:07
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 28.06.2011 20:45:07
AVREG.DLL : 10.3.0.9 88833 Bytes 13.07.2011 08:39:56
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 07:27:22
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 08:27:51
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 22:19:31
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 14:13:36
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 12:01:52
VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 12:01:52
VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 12:01:52
VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 12:01:52
VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 12:01:52
VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 12:01:52
VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 12:01:52
VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 09:56:33
VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 09:56:33
VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 09:56:34
VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 14:28:47
VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 16:55:27
VBASE018.VDF : 7.11.14.16 141312 Bytes 30.08.2011 17:05:41
VBASE019.VDF : 7.11.14.48 133120 Bytes 31.08.2011 18:20:29
VBASE020.VDF : 7.11.14.78 156160 Bytes 02.09.2011 07:12:04
VBASE021.VDF : 7.11.14.109 126976 Bytes 06.09.2011 11:39:23
VBASE022.VDF : 7.11.14.137 131584 Bytes 08.09.2011 18:42:53
VBASE023.VDF : 7.11.14.166 196096 Bytes 12.09.2011 06:04:37
VBASE024.VDF : 7.11.14.193 184832 Bytes 14.09.2011 06:51:07
VBASE025.VDF : 7.11.14.215 125952 Bytes 16.09.2011 13:46:35
VBASE026.VDF : 7.11.14.216 2048 Bytes 16.09.2011 13:46:35
VBASE027.VDF : 7.11.14.217 2048 Bytes 16.09.2011 13:46:35
VBASE028.VDF : 7.11.14.218 2048 Bytes 16.09.2011 13:46:36
VBASE029.VDF : 7.11.14.219 2048 Bytes 16.09.2011 13:46:36
VBASE030.VDF : 7.11.14.220 2048 Bytes 16.09.2011 13:46:36
VBASE031.VDF : 7.11.14.223 43520 Bytes 16.09.2011 13:46:36
Engineversion : 8.2.6.64
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:22:51
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 27.08.2011 16:55:31
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.2.1.34 323957 Bytes 25.06.2011 22:19:31
AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 18:42:57
AEPACK.DLL : 8.2.10.10 684407 Bytes 05.09.2011 07:12:16
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 18.09.2011 13:46:39
AEHEUR.DLL : 8.1.2.169 3703160 Bytes 18.09.2011 13:46:39
AEHELP.DLL : 8.1.17.7 254327 Bytes 29.07.2011 08:19:26
AEGEN.DLL : 8.1.5.9 401780 Bytes 27.08.2011 16:55:28
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.23.0 196983 Bytes 27.08.2011 16:55:28
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 28.06.2011 20:45:06
AVREP.DLL : 10.0.0.10 174120 Bytes 19.05.2011 07:37:00
AVARKT.DLL : 10.0.26.1 255336 Bytes 28.06.2011 20:45:06
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 28.06.2011 20:45:06
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 28.06.2011 20:45:06
RCTEXT.DLL : 10.0.64.0 98664 Bytes 28.06.2011 20:45:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 19. September 2011 11:56

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOUNDMAN.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '156' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'

Ende des Suchlaufs: Montag, 19. September 2011 12:39
Benötigte Zeit: 43:18 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

27392 Verzeichnisse wurden überprüft
441279 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
441279 Dateien ohne Befall
1464 Archive wurden durchsucht
0 Warnungen
0 Hinweise
385142 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
[\QUOTE]

cosinus · 19.09.2011, 14:17

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Führe danach auch bitte ESET aus, danach sehen wir weiter.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.

DanSkorksi · 20.09.2011, 12:39

Eset und Malwarebytes haben keine für mich offensichtlichen Bedrohungen gefunden. Hier die Logs.

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7748

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

19.09.2011 16:57:51
mbam-log-2011-09-19 (16-57-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 328344
Laufzeit: 43 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

=========================================================

Folgende Scans wurden nicht vom Administratorenkonto wie obiges, sondern über das Userkonto erstellt worden:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5983

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

08.03.2011 21:05:44
mbam-log-2011-03-08 (21-05-44).txt

Scan type: Quick scan
Objects scanned: 134818
Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6131

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.03.2011 18:20:23
mbam-log-2011-03-22 (18-20-23).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6132

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.03.2011 22:04:42
mbam-log-2011-03-22 (22-04-42).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Daniel\downloads\simpsons.exe (PUP.RelevantKnowledge) -> Quarantined and deleted successfully.

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6158

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

25.03.2011 09:57:05
mbam-log-2011-03-25 (09-57-05).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6158

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

27.03.2011 03:24:25
mbam-log-2011-03-27 (03-24-25).txt

Scan type: Quick scan
Objects scanned: 2
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6199

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29.03.2011 12:42:28
mbam-log-2011-03-29 (12-42-28).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6320

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.04.2011 22:35:08
mbam-log-2011-04-11 (22-35-08).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6373

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

16.04.2011 20:26:03
mbam-log-2011-04-16 (20-26-03).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6554

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

13.05.2011 11:15:56
mbam-log-2011-05-13 (11-15-55).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=========================================================

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4517339bad44b1409a08b3158a4d0c9b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-20 08:32:50
# local_time=2011-09-20 10:32:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 82533 53041771 144129 0
# compatibility_mode=5893 16776574 66 85 17872583 68134800 0 0
# compatibility_mode=8192 67108863 100 0 53716 53716 0 0
# scanned=108337
# found=0
# cleaned=0
# scan_time=2619
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4517339bad44b1409a08b3158a4d0c9b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-20 09:47:10
# local_time=2011-09-20 11:47:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 85257 53044495 146853 0
# compatibility_mode=5893 16776574 66 85 17875307 68137524 0 0
# compatibility_mode=8192 67108863 100 0 56440 56440 0 0
# scanned=171908
# found=0
# cleaned=0
# scan_time=4357
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4517339bad44b1409a08b3158a4d0c9b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-20 11:21:24
# local_time=2011-09-20 01:21:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 90576 53049814 152172 0
# compatibility_mode=5893 16776574 66 85 17880626 68142843 0 0
# compatibility_mode=8192 67108863 100 0 61759 61759 0 0
# scanned=171942
# found=0
# cleaned=0
# scan_time=4691

Vielen Dank, Arne.

cosinus · 20.09.2011, 13:16

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

DanSkorksi · 20.09.2011, 13:40

Code:

ATTFilter

OTL logfile created on: 20.09.2011 14:18:59 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Dan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free
8,00 Gb Paging File | 6,72 Gb Available in Paging File | 84,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,07 Gb Total Space | 11,00 Gb Free Space | 22,42% Space Free | Partition Type: NTFS
Drive D: | 183,80 Gb Total Space | 67,50 Gb Free Space | 36,72% Space Free | Partition Type: NTFS
Drive E: | 48,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 98,17 Gb Total Space | 13,19 Gb Free Space | 13,44% Space Free | Partition Type: FAT32
Drive H: | 199,87 Gb Total Space | 3,47 Gb Free Space | 1,74% Space Free | Partition Type: FAT32
 
Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.20 14:17:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2011.06.28 22:45:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 12:00:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.22 13:23:25 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.28 22:45:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 12:00:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.02.29 03:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.28 22:45:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 22:45:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.07 23:37:02 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.21 13:01:34 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.19 04:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV:64bit: - [2006.11.28 22:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 22:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.10.01 17:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sueddeutsche.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 8C E7 60 DF 51 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.16 20:29:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.16 20:29:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.19 18:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.11 11:39:00 | 000,000,000 | ---D | M]
 
[2011.02.15 17:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\mozilla\Extensions
[2011.08.22 16:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\mozilla\Firefox\Profiles\tafz5pcz.default\extensions
[2011.08.22 16:37:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dan\AppData\Roaming\mozilla\Firefox\Profiles\tafz5pcz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.01 10:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.22 13:21:09 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.09.19 18:51:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.21 23:34:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.30 22:35:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.30 22:29:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.30 22:35:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.30 22:35:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.30 22:35:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.30 22:35:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164FC379-F79E-41B2-AE0D-4AA158DC459E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.04 12:59:50 | 000,000,029 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.20 14:17:30 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011.09.19 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.19 18:53:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
[2011.09.19 13:33:57 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Dan\Desktop\SkypeSetup.exe
[2011.09.14 17:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011.09.14 17:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2011.09.07 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\WinRAR
[2011.09.07 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.07 14:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.07 14:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.08.22 13:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.22 13:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.08.22 13:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.22 13:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.03.07 22:57:43 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7E36.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.20 14:17:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2011.09.20 14:16:19 | 000,466,261 | ---- | M] () -- C:\Users\Dan\Desktop\henrich september.jpg
[2011.09.20 13:42:44 | 000,022,335 | ---- | M] () -- C:\Users\Dan\Documents\superpad.odt
[2011.09.20 09:50:42 | 000,015,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.20 09:50:42 | 000,015,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.20 09:43:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.20 09:42:55 | 3220,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.19 18:53:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Dan\Desktop\esetsmartinstaller_enu.exe
[2011.09.19 18:50:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.19 18:50:03 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.19 18:50:03 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.19 18:50:03 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.19 18:50:03 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.19 13:33:59 | 001,081,480 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Dan\Desktop\SkypeSetup.exe
[2011.09.14 17:23:21 | 000,001,053 | ---- | M] () -- C:\Users\Dan\Desktop\Free M4a to MP3 Converter.lnk
[2011.09.01 20:18:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.09.01 19:58:36 | 000,048,789 | ---- | M] () -- C:\Users\Dan\Desktop\diana_ross_large.gif
[2011.09.01 17:45:11 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.01 10:31:14 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.22 13:21:39 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
 
========== Files Created - No Company Name ==========
 
[2011.09.20 14:16:19 | 000,466,261 | ---- | C] () -- C:\Users\Dan\Desktop\henrich september.jpg
[2011.09.20 13:42:41 | 000,022,335 | ---- | C] () -- C:\Users\Dan\Documents\superpad.odt
[2011.09.14 17:23:21 | 000,001,053 | ---- | C] () -- C:\Users\Dan\Desktop\Free M4a to MP3 Converter.lnk
[2011.09.01 19:58:35 | 000,048,789 | ---- | C] () -- C:\Users\Dan\Desktop\diana_ross_large.gif
[2011.04.16 19:13:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.22 19:26:30 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.12 17:34:55 | 001,594,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.15 21:31:10 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.02.15 18:02:28 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2011.02.15 18:02:27 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.02.15 20:04:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
[2011.03.03 14:10:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mp3tag
[2011.02.21 20:35:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenOffice.org
[2011.08.14 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PhotoScape
[2011.07.08 00:52:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SumatraPDF
[2011.05.19 09:34:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.19 11:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Adobe
[2011.02.27 22:40:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Avira
[2011.04.16 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DivX
[2011.07.04 16:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\HpUpdate
[2011.02.15 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Identities
[2011.02.15 20:04:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImgBurn
[2011.02.16 00:39:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Macromedia
[2011.02.15 18:11:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Media Center Programs
[2011.07.19 11:10:43 | 000,000,000 | --SD | M] -- C:\Users\Dan\AppData\Roaming\Microsoft
[2011.02.15 17:57:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla
[2011.03.03 14:10:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mp3tag
[2011.02.21 20:35:45 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenOffice.org
[2011.08.14 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PhotoScape
[2011.02.15 20:01:06 | 000,000,000 | RH-D | M] -- C:\Users\Dan\AppData\Roaming\SecuROM
[2011.09.01 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Skype
[2011.07.08 00:52:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SumatraPDF
[2011.08.22 13:21:55 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com
[2011.09.20 13:34:29 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 20.09.2011, 14:15

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.04 12:59:50 | 000,000,029 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

DanSkorksi · 20.09.2011, 20:53

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef2b58a3-3911-11e0-8e06-806e6f6e6963}\ not found.
File E:\autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dan
->Temp folder emptied: 29993239 bytes
->Temporary Internet Files folder emptied: 598712 bytes
->Java cache emptied: 370939 bytes
->FireFox cache emptied: 43779680 bytes
->Flash cache emptied: 470 bytes

User: Daniel
->Temp folder emptied: 209389745 bytes
->Temporary Internet Files folder emptied: 25208328 bytes
->Java cache emptied: 536 bytes
->FireFox cache emptied: 48777835 bytes
->Flash cache emptied: 470 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45654 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 342,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09202011_214854

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
C:\Users\Dan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

DanSkorksi · 21.09.2011, 07:48

Zwischenzeitlich hat Antivir wieder eine Meldung ausgespuckt:

Die Datei 'C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\qjjqew3b.default\Cache\A\7E\98E04d01'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Agent.AG' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '484724e7.qua' verschoben!

cosinus · 21.09.2011, 09:52

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

DanSkorksi · 21.09.2011, 10:15

Nix gefunden.

2011/09/21 11:13:09.0637 2248 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/21 11:13:09.0744 2248 ================================================================================
2011/09/21 11:13:09.0744 2248 SystemInfo:
2011/09/21 11:13:09.0744 2248
2011/09/21 11:13:09.0744 2248 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/21 11:13:09.0744 2248 Product type: Workstation
2011/09/21 11:13:09.0744 2248 ComputerName: DAN-PC
2011/09/21 11:13:09.0744 2248 UserName: Dan
2011/09/21 11:13:09.0744 2248 Windows directory: C:\Windows
2011/09/21 11:13:09.0744 2248 System windows directory: C:\Windows
2011/09/21 11:13:09.0744 2248 Running under WOW64
2011/09/21 11:13:09.0744 2248 Processor architecture: Intel x64
2011/09/21 11:13:09.0744 2248 Number of processors: 2
2011/09/21 11:13:09.0744 2248 Page size: 0x1000
2011/09/21 11:13:09.0744 2248 Boot type: Normal boot
2011/09/21 11:13:09.0744 2248 ================================================================================
2011/09/21 11:13:10.0628 2248 Initialize success
2011/09/21 11:13:12.0210 1128 ================================================================================
2011/09/21 11:13:12.0210 1128 Scan started
2011/09/21 11:13:12.0210 1128 Mode: Manual;
2011/09/21 11:13:12.0210 1128 ================================================================================
2011/09/21 11:13:13.0191 1128 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/09/21 11:13:13.0229 1128 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/09/21 11:13:13.0270 1128 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/09/21 11:13:13.0394 1128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/21 11:13:13.0435 1128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/21 11:13:13.0460 1128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/21 11:13:13.0534 1128 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/09/21 11:13:13.0572 1128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/09/21 11:13:13.0689 1128 ALCXWDM (853ad8bd8ca940d0f5ac2679a6ed439b) C:\Windows\system32\drivers\RTKVAC64.SYS
2011/09/21 11:13:13.0744 1128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/09/21 11:13:13.0764 1128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/09/21 11:13:13.0816 1128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/21 11:13:13.0837 1128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/21 11:13:13.0880 1128 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/09/21 11:13:13.0915 1128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/21 11:13:13.0945 1128 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/09/21 11:13:14.0053 1128 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
2011/09/21 11:13:14.0098 1128 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/09/21 11:13:14.0134 1128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/21 11:13:14.0154 1128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/21 11:13:14.0217 1128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/21 11:13:14.0255 1128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/09/21 11:13:14.0302 1128 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/21 11:13:14.0333 1128 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/21 11:13:14.0386 1128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/21 11:13:14.0436 1128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/21 11:13:14.0474 1128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/21 11:13:14.0524 1128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/21 11:13:14.0568 1128 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/21 11:13:14.0591 1128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/21 11:13:14.0606 1128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/21 11:13:14.0642 1128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/21 11:13:14.0659 1128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/21 11:13:14.0687 1128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/21 11:13:14.0703 1128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/21 11:13:14.0731 1128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/21 11:13:14.0774 1128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/21 11:13:14.0816 1128 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/09/21 11:13:14.0838 1128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/21 11:13:14.0879 1128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/21 11:13:14.0988 1128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/21 11:13:15.0017 1128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/09/21 11:13:15.0062 1128 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/09/21 11:13:15.0085 1128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/21 11:13:15.0127 1128 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/21 11:13:15.0153 1128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/21 11:13:15.0226 1128 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/09/21 11:13:15.0263 1128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/21 11:13:15.0303 1128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/21 11:13:15.0413 1128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/21 11:13:15.0472 1128 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/21 11:13:15.0622 1128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/21 11:13:15.0784 1128 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/09/21 11:13:15.0827 1128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/21 11:13:15.0867 1128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/09/21 11:13:15.0924 1128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/21 11:13:15.0954 1128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/21 11:13:15.0993 1128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/21 11:13:16.0026 1128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/21 11:13:16.0051 1128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/21 11:13:16.0070 1128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/21 11:13:16.0121 1128 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/21 11:13:16.0158 1128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/21 11:13:16.0184 1128 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/21 11:13:16.0240 1128 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/21 11:13:16.0265 1128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/21 11:13:16.0303 1128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/21 11:13:16.0352 1128 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/21 11:13:16.0378 1128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/21 11:13:16.0393 1128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/21 11:13:16.0413 1128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/21 11:13:16.0478 1128 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/09/21 11:13:16.0527 1128 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/21 11:13:16.0589 1128 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/21 11:13:16.0632 1128 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/21 11:13:16.0668 1128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/09/21 11:13:16.0727 1128 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/09/21 11:13:16.0768 1128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/21 11:13:16.0799 1128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/21 11:13:16.0821 1128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/21 11:13:16.0866 1128 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/21 11:13:16.0910 1128 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/21 11:13:16.0930 1128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/21 11:13:16.0967 1128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/21 11:13:16.0991 1128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/21 11:13:17.0022 1128 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/21 11:13:17.0083 1128 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
2011/09/21 11:13:17.0117 1128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/09/21 11:13:17.0158 1128 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/09/21 11:13:17.0189 1128 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/21 11:13:17.0233 1128 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/21 11:13:17.0253 1128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/21 11:13:17.0304 1128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/21 11:13:17.0361 1128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/21 11:13:17.0376 1128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/21 11:13:17.0396 1128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/21 11:13:17.0423 1128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/21 11:13:17.0463 1128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/21 11:13:17.0486 1128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/21 11:13:17.0519 1128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/21 11:13:17.0541 1128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/21 11:13:17.0576 1128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/21 11:13:17.0610 1128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/09/21 11:13:17.0643 1128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/21 11:13:17.0678 1128 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/21 11:13:17.0715 1128 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/21 11:13:17.0741 1128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/21 11:13:17.0784 1128 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/21 11:13:17.0827 1128 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/21 11:13:17.0877 1128 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/21 11:13:17.0918 1128 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/21 11:13:17.0967 1128 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/21 11:13:18.0006 1128 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/21 11:13:18.0051 1128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/21 11:13:18.0074 1128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/21 11:13:18.0104 1128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/21 11:13:18.0166 1128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/21 11:13:18.0180 1128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/21 11:13:18.0208 1128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/21 11:13:18.0259 1128 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/21 11:13:18.0296 1128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/09/21 11:13:18.0318 1128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/21 11:13:18.0333 1128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/21 11:13:18.0378 1128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/21 11:13:18.0438 1128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/21 11:13:18.0497 1128 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/21 11:13:18.0547 1128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/21 11:13:18.0578 1128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/21 11:13:18.0625 1128 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/21 11:13:18.0671 1128 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/21 11:13:18.0708 1128 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/21 11:13:18.0744 1128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/21 11:13:18.0781 1128 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/21 11:13:18.0853 1128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/21 11:13:18.0883 1128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/21 11:13:18.0913 1128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/21 11:13:19.0000 1128 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/09/21 11:13:19.0035 1128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/21 11:13:19.0086 1128 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/09/21 11:13:19.0418 1128 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/21 11:13:19.0622 1128 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/09/21 11:13:19.0663 1128 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/09/21 11:13:19.0720 1128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/21 11:13:19.0752 1128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/21 11:13:19.0812 1128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/21 11:13:19.0850 1128 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/21 11:13:19.0881 1128 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
2011/09/21 11:13:19.0916 1128 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2011/09/21 11:13:19.0960 1128 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/21 11:13:19.0982 1128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/21 11:13:20.0015 1128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/21 11:13:20.0043 1128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/21 11:13:20.0078 1128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/21 11:13:20.0209 1128 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/21 11:13:20.0225 1128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/21 11:13:20.0291 1128 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/21 11:13:20.0329 1128 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/09/21 11:13:20.0384 1128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/21 11:13:20.0409 1128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/21 11:13:20.0444 1128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/21 11:13:20.0470 1128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/21 11:13:20.0503 1128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/21 11:13:20.0555 1128 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/21 11:13:20.0586 1128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/21 11:13:20.0617 1128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/21 11:13:20.0665 1128 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/21 11:13:20.0690 1128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/21 11:13:20.0711 1128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/21 11:13:20.0750 1128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/21 11:13:20.0780 1128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/21 11:13:20.0807 1128 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/21 11:13:20.0848 1128 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/21 11:13:20.0912 1128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/21 11:13:20.0950 1128 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/09/21 11:13:20.0997 1128 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/09/21 11:13:21.0028 1128 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/09/21 11:13:21.0104 1128 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/09/21 11:13:21.0137 1128 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/09/21 11:13:21.0234 1128 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/09/21 11:13:21.0279 1128 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/09/21 11:13:21.0314 1128 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/21 11:13:21.0361 1128 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/21 11:13:21.0417 1128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/21 11:13:21.0481 1128 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
2011/09/21 11:13:21.0531 1128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/21 11:13:21.0564 1128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/21 11:13:21.0590 1128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/21 11:13:21.0643 1128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/21 11:13:21.0665 1128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/21 11:13:21.0685 1128 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/21 11:13:21.0711 1128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/21 11:13:21.0749 1128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/21 11:13:21.0765 1128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/21 11:13:21.0797 1128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/21 11:13:21.0841 1128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/21 11:13:21.0910 1128 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/21 11:13:21.0978 1128 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/21 11:13:22.0011 1128 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/21 11:13:22.0048 1128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/21 11:13:22.0096 1128 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/09/21 11:13:22.0150 1128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/21 11:13:22.0252 1128 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/21 11:13:22.0315 1128 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/21 11:13:22.0366 1128 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/21 11:13:22.0400 1128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/21 11:13:22.0416 1128 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/21 11:13:22.0463 1128 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/21 11:13:22.0484 1128 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/21 11:13:22.0564 1128 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/21 11:13:22.0608 1128 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/21 11:13:22.0656 1128 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/21 11:13:22.0684 1128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/21 11:13:22.0726 1128 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/21 11:13:22.0776 1128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/21 11:13:22.0817 1128 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/09/21 11:13:22.0838 1128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/21 11:13:22.0880 1128 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/21 11:13:22.0938 1128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/21 11:13:22.0973 1128 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/21 11:13:23.0040 1128 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
2011/09/21 11:13:23.0080 1128 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/21 11:13:23.0107 1128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/21 11:13:23.0132 1128 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/21 11:13:23.0159 1128 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/21 11:13:23.0193 1128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/21 11:13:23.0221 1128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/21 11:13:23.0246 1128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/21 11:13:23.0283 1128 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/21 11:13:23.0306 1128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/21 11:13:23.0338 1128 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/21 11:13:23.0382 1128 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/21 11:13:23.0412 1128 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/21 11:13:23.0458 1128 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/09/21 11:13:23.0503 1128 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/09/21 11:13:23.0528 1128 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/09/21 11:13:23.0575 1128 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
2011/09/21 11:13:23.0601 1128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/21 11:13:23.0635 1128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/21 11:13:23.0679 1128 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/21 11:13:23.0714 1128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/21 11:13:23.0762 1128 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/21 11:13:23.0782 1128 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/21 11:13:23.0825 1128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/21 11:13:23.0868 1128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/21 11:13:23.0959 1128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/21 11:13:23.0996 1128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/21 11:13:24.0109 1128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/21 11:13:24.0175 1128 WN111v2 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WN111v2w7x.sys
2011/09/21 11:13:24.0218 1128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/21 11:13:24.0291 1128 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/21 11:13:24.0333 1128 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/21 11:13:24.0385 1128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/21 11:13:24.0399 1128 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/09/21 11:13:24.0416 1128 Boot (0x1200) (57d2d9566d43ba4ecb1b148db73e010b) \Device\Harddisk0\DR0\Partition0
2011/09/21 11:13:24.0446 1128 Boot (0x1200) (ae04b4e789530b575ee892534b933cc7) \Device\Harddisk0\DR0\Partition1
2011/09/21 11:13:24.0459 1128 Boot (0x1200) (5a2aa4432e9fa77fdc27766a8f359ef4) \Device\Harddisk1\DR1\Partition0
2011/09/21 11:13:24.0478 1128 Boot (0x1200) (93c61c7ab8776fa45db70e0367d5c538) \Device\Harddisk1\DR1\Partition1
2011/09/21 11:13:24.0490 1128 ================================================================================
2011/09/21 11:13:24.0490 1128 Scan finished
2011/09/21 11:13:24.0490 1128 ================================================================================
2011/09/21 11:13:24.0511 3256 Detected object count: 0
2011/09/21 11:13:24.0511 3256 Actual detected object count: 0
2011/09/21 11:13:27.0667 3448 ================================================================================
2011/09/21 11:13:27.0667 3448 Scan started
2011/09/21 11:13:27.0667 3448 Mode: Manual;
2011/09/21 11:13:27.0667 3448 ================================================================================
2011/09/21 11:13:28.0252 3448 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/09/21 11:13:28.0291 3448 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/09/21 11:13:28.0332 3448 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/09/21 11:13:28.0381 3448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/21 11:13:28.0403 3448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/21 11:13:28.0431 3448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/21 11:13:28.0497 3448 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/09/21 11:13:28.0526 3448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/09/21 11:13:28.0634 3448 ALCXWDM (853ad8bd8ca940d0f5ac2679a6ed439b) C:\Windows\system32\drivers\RTKVAC64.SYS
2011/09/21 11:13:28.0681 3448 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/09/21 11:13:28.0702 3448 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/09/21 11:13:28.0737 3448 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/21 11:13:28.0766 3448 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/21 11:13:28.0801 3448 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/09/21 11:13:28.0827 3448 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/21 11:13:28.0848 3448 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/09/21 11:13:28.0908 3448 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
2011/09/21 11:13:28.0960 3448 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/09/21 11:13:28.0989 3448 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/21 11:13:29.0008 3448 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/21 11:13:29.0054 3448 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/21 11:13:29.0077 3448 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/09/21 11:13:29.0124 3448 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/21 11:13:29.0146 3448 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/21 11:13:29.0191 3448 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/21 11:13:29.0224 3448 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/21 11:13:29.0262 3448 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/21 11:13:29.0295 3448 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/21 11:13:29.0323 3448 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/21 11:13:29.0354 3448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/21 11:13:29.0370 3448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/21 11:13:29.0406 3448 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/21 11:13:29.0422 3448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/21 11:13:29.0451 3448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/21 11:13:29.0477 3448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/21 11:13:29.0500 3448 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/21 11:13:29.0546 3448 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/21 11:13:29.0587 3448 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/09/21 11:13:29.0609 3448 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/21 11:13:29.0651 3448 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/21 11:13:29.0702 3448 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/21 11:13:29.0722 3448 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/09/21 11:13:29.0767 3448 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/09/21 11:13:29.0791 3448 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/21 11:13:29.0825 3448 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/21 11:13:29.0858 3448 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/21 11:13:29.0956 3448 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/09/21 11:13:29.0985 3448 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/21 11:13:30.0008 3448 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/21 11:13:30.0101 3448 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/21 11:13:30.0161 3448 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/21 11:13:30.0259 3448 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/21 11:13:30.0339 3448 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/09/21 11:13:30.0374 3448 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/21 11:13:30.0414 3448 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/09/21 11:13:30.0462 3448 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/21 11:13:30.0494 3448 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/21 11:13:30.0524 3448 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/21 11:13:30.0557 3448 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/21 11:13:30.0582 3448 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/21 11:13:30.0609 3448 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/21 11:13:30.0651 3448 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/21 11:13:30.0688 3448 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/21 11:13:30.0715 3448 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/21 11:13:30.0754 3448 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/21 11:13:30.0780 3448 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/21 11:13:30.0807 3448 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/21 11:13:30.0850 3448 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/21 11:13:30.0876 3448 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/21 11:13:30.0892 3448 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/21 11:13:30.0914 3448 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/21 11:13:30.0993 3448 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/09/21 11:13:31.0033 3448 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/21 11:13:31.0086 3448 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/21 11:13:31.0122 3448 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/21 11:13:31.0150 3448 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/09/21 11:13:31.0200 3448 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/09/21 11:13:31.0233 3448 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/21 11:13:31.0272 3448 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/21 11:13:31.0288 3448 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/21 11:13:31.0338 3448 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/21 11:13:31.0366 3448 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/21 11:13:31.0382 3448 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/21 11:13:31.0407 3448 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/21 11:13:31.0430 3448 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/21 11:13:31.0461 3448 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/21 11:13:31.0499 3448 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
2011/09/21 11:13:31.0523 3448 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/09/21 11:13:31.0556 3448 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/09/21 11:13:31.0596 3448 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/21 11:13:31.0639 3448 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/21 11:13:31.0660 3448 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/21 11:13:31.0711 3448 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/21 11:13:31.0759 3448 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/21 11:13:31.0776 3448 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/21 11:13:31.0796 3448 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/21 11:13:31.0822 3448 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/21 11:13:31.0845 3448 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/21 11:13:31.0868 3448 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/21 11:13:31.0901 3448 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/21 11:13:31.0929 3448 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/21 11:13:31.0958 3448 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/21 11:13:31.0984 3448 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/09/21 11:13:32.0008 3448 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/21 11:13:32.0043 3448 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/21 11:13:32.0081 3448 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/21 11:13:32.0106 3448 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/21 11:13:32.0149 3448 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/21 11:13:32.0192 3448 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/21 11:13:32.0242 3448 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/21 11:13:32.0284 3448 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/21 11:13:32.0308 3448 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/21 11:13:32.0338 3448 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/21 11:13:32.0383 3448 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/21 11:13:32.0406 3448 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/21 11:13:32.0436 3448 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/21 11:13:32.0472 3448 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/21 11:13:32.0487 3448 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/21 11:13:32.0507 3448 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/21 11:13:32.0558 3448 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/21 11:13:32.0587 3448 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/09/21 11:13:32.0617 3448 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/21 11:13:32.0632 3448 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/21 11:13:32.0661 3448 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/21 11:13:32.0696 3448 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/21 11:13:32.0753 3448 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/21 11:13:32.0780 3448 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/21 11:13:32.0801 3448 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/21 11:13:32.0841 3448 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/21 11:13:32.0887 3448 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/21 11:13:32.0924 3448 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/21 11:13:32.0967 3448 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/21 11:13:33.0013 3448 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/21 11:13:33.0085 3448 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/21 11:13:33.0116 3448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/21 11:13:33.0145 3448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/21 11:13:33.0223 3448 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/09/21 11:13:33.0259 3448 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/21 11:13:33.0302 3448 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/09/21 11:13:33.0633 3448 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/21 11:13:33.0812 3448 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/09/21 11:13:33.0854 3448 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/09/21 11:13:33.0903 3448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/21 11:13:33.0960 3448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/21 11:13:34.0012 3448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/21 11:13:34.0049 3448 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/21 11:13:34.0081 3448 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
2011/09/21 11:13:34.0123 3448 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2011/09/21 11:13:34.0160 3448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/21 11:13:34.0181 3448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/21 11:13:34.0213 3448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/21 11:13:34.0244 3448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/21 11:13:34.0277 3448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/21 11:13:34.0401 3448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/21 11:13:34.0416 3448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/21 11:13:34.0474 3448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/21 11:13:34.0502 3448 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/09/21 11:13:34.0558 3448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/21 11:13:34.0583 3448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/21 11:13:34.0619 3448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/21 11:13:34.0644 3448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/21 11:13:34.0669 3448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/21 11:13:34.0721 3448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/21 11:13:34.0752 3448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/21 11:13:34.0774 3448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/21 11:13:34.0823 3448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/21 11:13:34.0848 3448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/21 11:13:34.0870 3448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/21 11:13:34.0900 3448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/21 11:13:34.0962 3448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/21 11:13:34.0999 3448 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/21 11:13:35.0040 3448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/21 11:13:35.0094 3448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/21 11:13:35.0132 3448 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/09/21 11:13:35.0170 3448 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/09/21 11:13:35.0194 3448 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/09/21 11:13:35.0229 3448 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/09/21 11:13:35.0270 3448 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/09/21 11:13:35.0333 3448 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/09/21 11:13:35.0353 3448 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/09/21 11:13:35.0389 3448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/21 11:13:35.0427 3448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/21 11:13:35.0476 3448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/21 11:13:35.0523 3448 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
2011/09/21 11:13:35.0555 3448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/21 11:13:35.0581 3448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/21 11:13:35.0607 3448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/21 11:13:35.0668 3448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/21 11:13:35.0690 3448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/21 11:13:35.0710 3448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/21 11:13:35.0737 3448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/21 11:13:35.0773 3448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/21 11:13:35.0789 3448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/21 11:13:35.0823 3448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/21 11:13:35.0866 3448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/21 11:13:35.0952 3448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/21 11:13:36.0011 3448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/21 11:13:36.0044 3448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/21 11:13:36.0074 3448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/21 11:13:36.0113 3448 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/09/21 11:13:36.0159 3448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/21 11:13:36.0260 3448 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/21 11:13:36.0311 3448 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/21 11:13:36.0375 3448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/21 11:13:36.0409 3448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/21 11:13:36.0423 3448 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/21 11:13:36.0463 3448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/21 11:13:36.0484 3448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/21 11:13:36.0564 3448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/21 11:13:36.0600 3448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/21 11:13:36.0639 3448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/21 11:13:36.0668 3448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/21 11:13:36.0718 3448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/21 11:13:36.0768 3448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/21 11:13:36.0801 3448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/09/21 11:13:36.0822 3448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/21 11:13:36.0873 3448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/21 11:13:36.0914 3448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/21 11:13:36.0974 3448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/21 11:13:37.0006 3448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
2011/09/21 11:13:37.0046 3448 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/21 11:13:37.0074 3448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/21 11:13:37.0099 3448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/21 11:13:37.0125 3448 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/21 11:13:37.0161 3448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/21 11:13:37.0188 3448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/21 11:13:37.0212 3448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/21 11:13:37.0250 3448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/21 11:13:37.0273 3448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/21 11:13:37.0297 3448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/21 11:13:37.0341 3448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/21 11:13:37.0370 3448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/21 11:13:37.0399 3448 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/09/21 11:13:37.0437 3448 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/09/21 11:13:37.0462 3448 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/09/21 11:13:37.0508 3448 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
2011/09/21 11:13:37.0536 3448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/21 11:13:37.0569 3448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/21 11:13:37.0588 3448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/21 11:13:37.0631 3448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/21 11:13:37.0655 3448 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/21 11:13:37.0670 3448 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/21 11:13:37.0715 3448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/21 11:13:37.0760 3448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/21 11:13:37.0828 3448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/21 11:13:37.0855 3448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/21 11:13:37.0952 3448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/21 11:13:38.0018 3448 WN111v2 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WN111v2w7x.sys
2011/09/21 11:13:38.0060 3448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/21 11:13:38.0125 3448 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/21 11:13:38.0151 3448 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/21 11:13:38.0203 3448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/21 11:13:38.0217 3448 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/09/21 11:13:38.0236 3448 Boot (0x1200) (57d2d9566d43ba4ecb1b148db73e010b) \Device\Harddisk0\DR0\Partition0
2011/09/21 11:13:38.0263 3448 Boot (0x1200) (ae04b4e789530b575ee892534b933cc7) \Device\Harddisk0\DR0\Partition1
2011/09/21 11:13:38.0277 3448 Boot (0x1200) (5a2aa4432e9fa77fdc27766a8f359ef4) \Device\Harddisk1\DR1\Partition0
2011/09/21 11:13:38.0296 3448 Boot (0x1200) (93c61c7ab8776fa45db70e0367d5c538) \Device\Harddisk1\DR1\Partition1
2011/09/21 11:13:38.0308 3448 ================================================================================
2011/09/21 11:13:38.0308 3448 Scan finished
2011/09/21 11:13:38.0308 3448 ================================================================================
2011/09/21 11:13:38.0328 1596 Detected object count: 0
2011/09/21 11:13:38.0328 1596 Actual detected object count: 0

DanSkorksi · 21.09.2011, 10:25

Nach der Anwendung von unhide sind keine neuen Datein aufgetaucht, allerdings werden mir "meine Bilder" etc.. jetzt doppelt angezeigt und auf einige Ordner kann ich nicht zugreifen.

cosinus · 21.09.2011, 10:50

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

DanSkorksi · 21.09.2011, 11:28

Musste nach der Bereinigung einen weiteren Neustart durchführen, da sich u.a. der Browser nicht mehr ausführen ließ. Hier das file:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-09-21.01 - Dan 21.09.2011  12:10:20.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.3172 [GMT 2:00]
ausgeführt von:: c:\users\Dan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe7E36.dll
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-21 bis 2011-09-21  ))))))))))))))))))))))))))))))
.
.
2011-09-21 10:15 . 2011-09-21 10:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-21 10:15 . 2011-09-21 10:15	--------	d-----w-	c:\users\Daniel\AppData\Local\temp
2011-09-20 19:48 . 2011-09-20 19:48	--------	d-----w-	C:\_OTL
2011-09-19 16:53 . 2011-09-19 16:53	--------	d-----w-	c:\program files (x86)\ESET
2011-09-14 15:23 . 2011-09-14 15:23	--------	d-----w-	c:\program files (x86)\Free M4a to MP3 Converter
2011-09-11 18:45 . 2011-09-11 18:45	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Garmin
2011-09-01 08:31 . 2011-09-19 16:51	134104	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-24 07:39 . 2011-07-09 05:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-24 07:39 . 2011-07-09 04:29	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-22 11:21 . 2011-08-22 11:21	--------	d-----w-	c:\users\Dan\AppData\Roaming\SUPERAntiSpyware.com
2011-08-22 11:21 . 2011-08-22 11:21	--------	d-----w-	c:\programdata\!SASCORE
2011-08-22 11:21 . 2011-08-22 11:24	--------	d-----w-	c:\program files\SUPERAntiSpyware
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 18:18 . 2011-05-19 18:10	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2011-02-15 16:11	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-02 21:30 . 2011-02-15 16:21	627600	----a-w-	c:\windows\system32\deployJava1.dll
2011-07-22 05:42 . 2011-08-10 20:40	2303488	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 20:40	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 20:40	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 20:40	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 20:40	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 20:40	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 18:48	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 18:48	243200	----a-w-	c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 18:48	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 18:48	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 18:48	421888	----a-w-	c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 18:48	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 18:48	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 18:48	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 18:48	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 18:48	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 18:48	272384	----a-w-	c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 18:48	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 18:48	2048	----a-w-	c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 18:48	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:48	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:48	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:48	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46 . 2011-08-10 18:48	288768	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-28 20:45 . 2011-02-15 15:16	88288	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-28 20:45 . 2011-02-15 15:16	123784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-25 23:46 . 2011-03-12 15:38	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2011-06-24 05:34 . 2011-08-10 18:48	214528	----a-w-	c:\windows\system32\winsrv.dll
2011-06-24 05:25 . 2011-08-10 18:48	338432	----a-w-	c:\windows\system32\conhost.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-22 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-1 1748992]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DNIMp50a64;DNIMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50a64.sys [x]
R3 DNISp50a64;DNISp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50a64.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-22 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sueddeutsche.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\tafz5pcz.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-537677768-1180501468-1744116943-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,7b,b0,d1,5b,1e,00,2a,fa,fe,a1,e6,f8,4b,d3,68,17,20,c9,2a,fa,ee,be,
   32,42,1d,3c,3e,16,cd,fe,a3,48,ac,c1,a0,f9,14,09,7b,8c,ce,cc,47,3b,ef,f5,b8,\
"??"=hex:0b,2c,b6,02,51,fe,9a,8f,46,8e,db,36,4c,ca,82,74
.
[HKEY_USERS\S-1-5-21-537677768-1180501468-1744116943-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:02,ac,f7,ec,4c,fe,6c,8d,67,d0,5e,75,0a,e2,46,55,36,ff,04,ad,04,
   ed,80,eb,4a,bc,68,ec,6c,cf,4e,87,75,79,31,c5,7b,61,a1,17,86,42,8e,aa,3f,c1,\
"rkeysecu"=hex:ee,27,ec,bc,a2,e1,85,e4,92,14,1d,c6,2b,ce,9e,78
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-21  12:20:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-21 10:20
.
Vor Suchlauf: 9 Verzeichnis(se), 11.749.314.560 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 11.580.989.440 Bytes frei
.
- - End Of File - - EB4DBBCB858EB57332AE8AF3E6D43CD9

--- --- ---

19.09.2011, 13:46	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	'EXP/Agent.AG' [exploit] gefunden Log von AntiVir fehlt... __________________ __________________

'EXP/Agent.AG' [exploit] gefunden

Plagegeister aller Art und deren Bekämpfung: 'EXP/Agent.AG' [exploit] gefunden