
All kinds of pests and how to fight them: Stubborn trojan cannot be removed


21.11.2011, 19:35   #1
hujhuj
 



Good evening!

My father reported a trojan infection to me. He had already run a full scan himself with an updated MBAM and promptly found three pieces of malware:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8199

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.11.2011 16:52:14
mbam-log-2011-11-20 (16-52-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 261545
Laufzeit: 21 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.FakeMS) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\siegfried\nvload16.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\siegfried\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
         
Unfortunately, after the restart, the Windows "Open with..." window appears every time the machine boots, warning against executing a .dll file. To me it was clear that the trojan is one of the more stubborn kind and is still present. So I promptly ran another full scan and removed it again. After a restart, the same story. Google has not been able to help me so far, so I am now turning to knowledgeable people, which is you. I hope we can be helped. Thanks in advance!

21.11.2011, 19:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run ESET as well, then we'll see where to go from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


22.11.2011, 07:24   #3
hujhuj
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=887ec303db86bf4e9e2e560433d86a04
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-21 09:59:59
# local_time=2011-11-21 10:59:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775165 100 94 902453 58441464 909724 0
# compatibility_mode=5893 16776574 100 94 13142528 73539451 0 0
# compatibility_mode=8192 67108863 100 0 3708 3708 0 0
# scanned=106749
# found=3
# cleaned=0
# scan_time=3198
C:\Users\Siegfried\nvload16.dll	a variant of Win32/Kryptik.VHM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll	a variant of Win32/Kryptik.VHM trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	multiple threats	00000000000000000000000000000000	I
         
Here is the log file of the scanner you mentioned. Thanks for the quick reply.

22.11.2011, 11:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

22.11.2011, 18:18   #5
hujhuj
 



Ran OTL as described:

Code:
OTL logfile created on: 11/22/2011 6:08:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Siegfried\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 75.25% Memory free
8.00 Gb Paging File | 6.75 Gb Available in Paging File | 84.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 900.41 Gb Total Space | 844.86 Gb Free Space | 93.83% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 11.20 Gb Free Space | 37.33% Space Free | Partition Type: NTFS
 
Computer Name: SIEGFRIEDS-PC | User Name: Siegfried | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Siegfried\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\vsnpstd3.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\vsnpstd3.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV:64bit: - (AVMUNET) -- C:\Windows\SysNative\drivers\avmunet.sys (AVM GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysWOW64\drivers\snpstd3.sys (Sonix Co. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.freenet.de"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 08:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/21 19:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Extensions
[2011/11/11 08:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/07/17 14:51:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/10 08:53:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Siegfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Siegfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7896_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\SIEGFR~1\nvload16.dll,_IWMPEvents File not found
O4 - Startup: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 80.69.100.174
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B6FC610-A744-4648-8255-6EED10098EDA}: DhcpNameServer = 80.69.100.182 80.69.100.174
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0D4FB91-6D23-469C-9B58-E1011803795D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\PROGRA~2\Audible\Bin\AUDIBL~1.EXE - (Audible, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Siegfried^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Siegfried^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BsScanner - Service
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BsScanner - Service
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/22 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{02C8018E-F92E-402D-A54B-08A5B793E6D5}
[2011/11/22 12:15:06 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A2A6433F-8F08-4A13-88FD-D6C5B6FFF5B8}
[2011/11/21 22:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/21 21:57:11 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3E612698-8D32-4B53-A2EA-3C934AE4EFA5}
[2011/11/21 18:16:49 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{C41709F1-52A5-4947-ACFF-8D725F5FE297}
[2011/11/21 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{75C614F5-F50A-4C9D-833B-6DFE8D322F60}
[2011/11/21 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F0DB0697-EB07-4F2E-91D7-7DF362A9DBDB}
[2011/11/21 16:54:57 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{EF9AD7B9-2001-4733-872C-CB390AEE4DC5}
[2011/11/20 21:03:08 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{687C0700-15DD-4DE5-943C-3C4F4D3AE0A5}
[2011/11/20 21:02:46 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2FF6BC9A-AD41-4F5A-BB76-D3C0AE5F4E6B}
[2011/11/20 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F733502A-ED50-4423-9E12-7D5E70446238}
[2011/11/20 19:01:32 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F600673C-90B4-4806-9088-F2DFB567AD5C}
[2011/11/20 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BDE26E06-4FDF-46CE-BFA6-FAC2756C67F9}
[2011/11/20 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E313CD2C-AEF5-495C-AE1E-BDEBF66B159D}
[2011/11/20 18:13:32 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E6A319A7-1F90-4EAD-9219-F168934BD52A}
[2011/11/20 18:06:51 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{940E66A2-7F2F-42CA-BB16-3AA892F295B8}
[2011/11/20 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{D7CD0831-FC4A-4FDB-B72A-B1E0CE8490F1}
[2011/11/20 11:39:44 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4D1D960A-F4CA-46E5-AD11-A55B25B18364}
[2011/11/20 11:39:21 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{808BAEE4-3E14-4D29-9F4F-E2FCAA8C6AC6}
[2011/11/20 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{99F98317-784B-4B27-9BBB-44E5E8DF5AC3}
[2011/11/20 09:11:03 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A2A5B2FC-D955-4BE9-850F-7D5E3540DD0D}
[2011/11/19 19:49:11 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{86BB241F-EAA6-45DE-9D9D-FC1F6A38FF55}
[2011/11/19 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{8FF928D8-FD88-4B06-A2A7-EB2A553B8568}
[2011/11/19 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A6FB9EF2-7AC4-4CDC-BFFC-2B11C44D8B69}
[2011/11/19 17:04:58 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{0D15AE7C-A262-443D-B447-394421DE37EE}
[2011/11/18 23:02:00 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5E5F311D-BF16-4A36-A85D-659314ABB0C3}
[2011/11/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{95F25DA4-A37E-42C7-94A7-08F0ECE13D70}
[2011/11/18 21:48:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{CE30370D-739A-4BAE-8898-28E2121A60FC}
[2011/11/18 13:49:36 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4D770CFC-A99F-42E7-9283-47C15DBEA335}
[2011/11/18 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5200AF6F-FDA0-4FF4-A4C2-5A31839B7DA3}
[2011/11/17 22:57:16 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{10D037E5-E2A2-4760-B5EB-A1F45A8341FB}
[2011/11/17 22:56:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{08D14966-88E4-4F7D-8B7D-630B032EEA11}
[2011/11/17 21:27:16 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4A4E65C5-E7BA-429A-84A0-A4557A340ED4}
[2011/11/17 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E7CFD3CC-2F82-460F-AA9D-4B011E44F4E7}
[2011/11/17 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{DBB3B843-F84F-4ACD-A0C5-669BA46C0697}
[2011/11/17 18:41:26 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E9D57FA0-E3E0-4F02-B9F0-8D6BD778CDED}
[2011/11/17 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7480649D-95F7-47EE-BC41-641249EC99CE}
[2011/11/17 16:19:59 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5351F56D-E35E-4F11-B1C7-D08D2BB777A6}
[2011/11/17 10:43:42 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{6567569B-83C5-48AD-A555-E10D4548A4D0}
[2011/11/17 10:43:20 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{52FF5EC3-BBCF-44F3-BC06-FBB317ACB74D}
[2011/11/17 09:48:58 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9C27ED20-0BE7-4CEB-A5C2-98D45C05147F}
[2011/11/17 09:48:36 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2ABA8744-B4BD-4BB7-B357-2874EE7AE988}
[2011/11/17 08:28:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{D12AF1F0-A72E-4DE4-8221-5EBFB942375F}
[2011/11/16 18:33:10 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{8EBA85E3-3C36-4A6C-B8E7-88DA866190DD}
[2011/11/16 18:32:48 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{26048EBB-BE0A-4816-87EC-BEC2792EF71D}
[2011/11/16 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{EF2D75BD-8E7B-4A05-8784-D92187E8F5C9}
[2011/11/16 17:18:45 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{176BDFFF-F5F7-41DA-AA14-4E005E4120D7}
[2011/11/16 16:14:34 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{0DFDD381-4278-4F4B-9270-47B9EB2F9D42}
[2011/11/16 16:14:23 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{08CF69FD-7CFD-494B-ABAF-6E4A0263D513}
[2011/11/16 16:09:42 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{862B4784-FC2E-45FA-BBCC-0105941C2DF9}
[2011/11/16 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{998C6BD3-FD11-49AE-AEA9-A9E4FADA0329}
[2011/11/16 15:40:09 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5E398D96-DB8D-4C9B-B735-E559DDECA91E}
[2011/11/16 14:55:25 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BFFB7DEB-FC13-48B5-A634-25416021ECAB}
[2011/11/16 14:55:02 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3919A162-9DC4-4D6F-9FF5-483E077E0FC1}
[2011/11/16 09:17:13 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4B6DFA41-9E70-4D9A-9E87-CCBCA3CD1C83}
[2011/11/16 09:16:51 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2AF3C049-7D2F-45FF-8BE2-E11A944F9CD7}
[2011/11/15 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2607F6FD-D6C5-4DC0-9CA7-C88EC4ADAEE1}
[2011/11/15 21:56:34 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BDC3FAF2-EDC8-416F-A4B7-0D384B463E08}
[2011/11/15 15:43:47 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4E116DD8-17EA-4622-AB86-9D7F2F1DE074}
[2011/11/15 15:43:23 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E5856D05-8969-4FFF-AF0F-3AE3F0D2A267}
[2011/11/15 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{EA12BF2F-2CF1-4EE2-90E3-85BB66953455}
[2011/11/15 08:43:50 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{CB748102-096C-4724-8653-5C88F810A6B8}
[2011/11/14 23:45:29 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A8C5EB64-3B1F-4E45-85F2-49D265F593B3}
[2011/11/14 17:26:36 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{6F8C335E-8CA9-41FE-BF3F-BAD7158183EF}
[2011/11/14 17:26:25 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{ACFF8DB7-6153-44B9-8FA6-EB6BF96B1D03}
[2011/11/14 15:34:43 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{8DB1E104-1E63-4181-BE7A-EFE4079962FA}
[2011/11/14 15:34:20 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2685E788-6CEA-4D13-9F3E-81048D6CF611}
[2011/11/14 08:57:48 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{D2114C35-B724-4477-8BE9-EEFCE288F071}
[2011/11/14 08:57:26 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4D2982D4-3B10-4257-8FCE-C4348CC123FD}
[2011/11/13 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{808DD755-F30B-4F65-9CA7-3BDE9E7402EB}
[2011/11/13 16:13:43 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4209D5DC-E750-4DBB-B58D-CD22C54D9DB4}
[2011/11/13 14:49:55 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{69CC0F26-BF1F-449A-A91E-E98E1251DC26}
[2011/11/13 11:01:26 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9616771E-E46E-43CD-937D-60F4EC125DEA}
[2011/11/13 11:01:15 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2A29C846-26EF-49D8-BE1F-260B51654BDD}
[2011/11/13 10:07:41 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{28B68FE8-9330-4B90-AE3B-D6867506A6BE}
[2011/11/13 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{11EF7E78-4E17-4B7B-968A-D496027F90B8}
[2011/11/13 00:08:12 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9F8F902C-FB3B-4999-8F05-797730259B22}
[2011/11/13 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A0356FE8-08A8-49EB-A401-6224BA9F2212}
[2011/11/12 22:03:22 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BF764B7C-FD2E-4EC0-87A4-F8D356D1C1D1}
[2011/11/12 22:03:11 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{999B49C0-8A36-4291-B868-F339F84AD020}
[2011/11/12 15:02:38 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{50ADD7E0-B5C9-48B1-BF2A-1D228F08B283}
[2011/11/12 15:02:26 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BDEFBC00-F282-458E-80B5-7666068F1251}
[2011/11/11 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5746636D-15C7-4503-9F32-3AAED2B61FCB}
[2011/11/11 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A1B73CB9-38CC-42DC-979F-5730A830301D}
[2011/11/11 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BA0016C5-94A6-49CD-8021-D4D9B58F53A1}
[2011/11/11 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{FC4B71E6-2CFD-4121-9B8A-B9908CBFE4E9}
[2011/11/11 14:39:46 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{D2F12F07-22A8-427C-9BF8-F99578E0ADAC}
[2011/11/11 14:39:24 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{801C8422-99C2-49C5-957D-CD897E824A47}
[2011/11/10 15:07:15 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{AD0B5D46-5BB2-485E-8F5E-0D3E9CB51C59}
[2011/11/10 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7D63089E-5907-4A95-8063-02A51EC04CDB}
[2011/11/10 09:10:39 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{87CBCC6F-C228-4A75-9AFF-A965B91B55A8}
[2011/11/10 09:10:17 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7B15FDB8-BC0B-40D9-986E-64678E355F5C}
[2011/11/09 21:21:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{C487C374-116F-43B6-B0E2-9471A7402CCC}
[2011/11/09 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7BCBD1A6-4350-46A5-B831-A414A3C9E93A}
[2011/11/09 21:15:14 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{EFF9A617-E6FA-4638-9039-AB9637CC64EF}
[2011/11/09 21:14:52 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9B66A48C-61F1-4283-9478-2A32816F35DC}
[2011/11/08 21:09:07 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{68324EE8-BE5B-43AE-A814-DD79A23C4C24}
[2011/11/08 21:08:45 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{611F9BC7-5C8C-4190-AAD5-828AE4F4DF01}
[2011/11/08 15:40:50 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{06F58FB3-0075-4B62-BAB9-3870E0C756D0}
[2011/11/08 15:40:28 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E2CD7075-7CBD-44AC-AB64-290CBFA9C375}
[2011/11/07 20:03:46 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{1AE83794-10DA-4BF0-A1A8-7B8F2DBDABCD}
[2011/11/07 20:03:24 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7AE8E28D-63B2-49C2-81E4-9E77343F0425}
[2011/11/07 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{B90E286A-CCA6-48A6-B452-3A093100FA2E}
[2011/11/07 15:19:12 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{894B880E-B1D4-47E3-973F-AD8B7D8401DA}
[2011/11/06 17:47:58 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{38695A67-AF0E-4D39-8EB9-C40720706619}
[2011/11/06 17:47:36 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{CB0236D9-7CC4-4F5B-A8B1-2FEF31FAA403}
[2011/11/06 10:31:33 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2075C637-FE52-4B0E-BE23-AB721EB4C8BE}
[2011/11/06 10:31:11 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A493D704-59B8-4AC3-A20B-A27943C341D9}
[2011/11/05 22:02:36 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A4C54959-84C3-470F-81D3-58A7244EE4FE}
[2011/11/05 22:02:14 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2EB7803B-706D-4918-A790-A893AE61D4F0}
[2011/11/04 17:50:35 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9EED1E63-8AB0-4DAC-924F-7814A0F7F098}
[2011/11/04 17:50:13 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{EB8FBF0E-E7AF-4AA1-ADCB-D4CFD6F0452F}
[2011/11/04 16:24:17 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{AA53EF68-63AE-4214-99F1-AA7CCE952769}
[2011/11/04 16:23:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{B51849A3-CD23-4100-8C5B-24C021BE4A6C}
[2011/11/04 13:47:06 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{851C1E34-F96B-4A2E-86D2-CF242F857621}
[2011/11/04 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4BC8D3C2-919A-49CD-BFEC-D4C7CCB51C52}
[2011/11/03 22:37:37 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{144FA324-AD87-408A-B2B9-D1B139CC6BC5}
[2011/11/03 22:37:15 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{885DFCBF-183C-44A8-ABC3-C5E46625AF51}
[2011/11/03 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{31E13EFE-CF70-4694-ADD3-C270A03F3709}
[2011/11/03 14:54:25 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{EBCB9CF4-E217-4026-917C-E3117A9C318D}
[2011/11/03 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9F878CED-3456-4475-A632-CD23D93C3016}
[2011/11/03 09:35:23 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{CC722234-1782-49F4-802C-19488F1D6EF5}
[2011/11/03 09:35:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7261A9B8-4C7A-4C4F-B9FE-C7392D24AE07}
[2011/11/02 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A4070AA6-7501-4A32-BE49-B49FE6783CB3}
[2011/11/02 20:12:32 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{DB7B6B2B-C423-4EAB-8F84-1453105A610E}
[2011/11/02 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{E2FE01F1-335F-46CA-B688-183C3F8510F5}
[2011/11/02 07:38:17 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3698724C-719D-4C0F-8491-03B6F023947B}
[2011/11/02 07:37:55 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{FD3C7D17-2CB1-4D9D-847B-E47B3F462FC6}
[2011/11/01 19:54:15 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BCF9DDED-2688-482B-ADD6-93255426D9BD}
[2011/11/01 19:53:52 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{27A245E2-9A7F-4DBE-8DF9-E24DC9BD4155}
[2011/11/01 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{AA8D829A-086D-4E68-B25A-6061040C3CF2}
[2011/11/01 14:19:10 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{ED21DD28-B61D-47B2-8C33-25DCD115A8C5}
[2011/11/01 13:17:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{C091FB02-69DF-4661-83BD-F61AE8B5A64B}
[2011/11/01 09:54:41 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2306D39F-CBA9-4240-B79A-B3B24A6F534F}
[2011/11/01 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F3775F8D-DA6C-4A6E-92E0-DBD42370BEC9}
[2011/10/31 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3F047581-CEB3-4B3A-9262-6AF8AE414B95}
[2011/10/31 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{58889D42-C94F-4FF4-B248-25CC16A5D6E9}
[2011/10/30 20:27:09 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{967149A9-E420-4CB1-8348-78BEEB2FDE3A}
[2011/10/30 20:26:46 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7A7DBF74-9C1A-4135-A3D6-F13701704DBC}
[2011/10/29 23:08:39 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3B6F3D8A-4D5F-4E45-9490-236FF6E7926D}
[2011/10/29 23:08:17 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5914F787-12F1-4520-B092-8EFC8E493A99}
[2011/10/29 22:27:05 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{45293810-5F71-47D6-A9A8-4D9CF57D8720}
[2011/10/29 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2D78B2FF-A17D-4F36-8DD0-E92926A5A02A}
[2011/10/29 17:57:12 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3DFA92AC-03DD-4524-8C93-62AB75E7AC12}
[2011/10/29 17:56:50 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{64974150-07D6-4D89-8751-EF0B9FEBBE56}
[2011/10/29 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{37AF8313-A373-486C-B7D6-C5C08798D790}
[2011/10/29 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{5077E0E8-79E8-4725-88F9-91B08C9D50DC}
[2011/10/28 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{43F62ABD-85B6-49D9-8B86-6AE961E683DC}
[2011/10/28 17:44:37 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{D94E3FB8-AAAF-4A17-9CCE-457872CBE25F}
[2011/10/28 15:50:30 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{ABCE0EC5-B54C-46D3-B5D3-CCF2FAF5A675}
[2011/10/28 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{C10B8B31-1876-4DE0-8122-DF863A2ABB79}
[2011/10/28 14:12:13 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{7EAEBAE4-45C0-4545-A860-5A125F771099}
[2011/10/27 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{11CFC076-B701-4378-82FA-F5C52BB675E9}
[2011/10/27 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{1F174301-B1B4-4AB1-9BD1-76D40E5B4C71}
[2011/10/27 17:49:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{B8B3993B-2E0D-4045-9B17-8F348617FAAF}
[2011/10/27 15:08:48 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{40846E35-24A6-4B51-913E-7CECBB0E3C79}
[2011/10/27 15:08:26 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{71D51160-5DF2-44C8-8E19-CE5E44D465B9}
[2011/10/26 20:37:57 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{79A59B71-ED1F-449E-9275-0B8125444263}
[2011/10/26 18:19:18 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{3F923472-8809-47B7-858D-D92A361AE31E}
[2011/10/26 18:18:55 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{330926FA-5F4C-40D7-BB1C-D5C4942771AA}
[2011/10/25 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{A130C465-68CF-4A83-9A1B-F256BE05126D}
[2011/10/25 20:03:34 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{89AB8E34-F3A4-4669-A491-B45DAF885D4A}
[2011/10/25 18:50:11 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{011331F7-F990-4337-9932-84F5B01A6204}
[2011/10/25 18:49:49 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{CCCA1D55-9E18-4F60-8959-09F7A2FB9BDC}
[2011/10/25 18:09:10 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{4AE272E5-3297-4A7E-AD88-070514683861}
[2011/10/25 18:08:48 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{DB0AB3C4-3AA3-41AE-ADB8-5E554D8C309B}
[2011/10/25 17:42:17 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{2A9E5D86-A038-40E3-AD50-1961B1001144}
[2011/10/25 17:42:06 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{FD885B1F-545A-4FBD-9218-8B91C3A58442}
[2011/10/24 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{97A4E712-5975-45F5-A002-845C7471D0BC}
[2011/10/23 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{500D7359-C26B-4C1F-8204-BB8F89126A7C}
[2011/10/23 19:15:46 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{50557FED-7D71-41E4-8894-210E4398D414}
[2011/07/17 17:34:32 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011/07/17 17:34:32 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011/07/17 17:34:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/22 18:11:15 | 000,001,068 | ---- | M] () -- C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011/11/22 18:09:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/22 18:06:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/22 18:00:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 18:00:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 17:57:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/22 17:57:10 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/11/22 17:57:10 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/22 17:57:10 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/11/22 17:57:10 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/22 17:52:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 17:52:53 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 21:09:38 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/15 08:43:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011/11/20 16:57:08 | 000,001,068 | ---- | C] () -- C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011/07/17 17:34:32 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011/07/17 17:34:32 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011/07/17 17:34:32 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011/02/15 23:43:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/06/21 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Canneverbe Limited
[2011/07/24 23:53:41 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\ICQ
[2011/11/20 10:25:53 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Mp3tag
[2011/06/23 21:33:07 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\OpenOffice.org
[2011/06/21 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Windows Live Writer
[2011/11/11 16:35:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/06/22 18:28:08 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Adobe
[2011/07/22 15:36:05 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Apple Computer
[2011/06/21 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\ATI
[2011/06/23 21:48:02 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Avira
[2011/06/21 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Canneverbe Limited
[2011/07/24 23:53:41 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\ICQ
[2011/06/21 18:49:46 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Identities
[2011/07/17 17:34:04 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\InstallShield
[2010/12/04 01:32:19 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Macromedia
[2011/06/21 20:28:44 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Media Center Programs
[2011/06/22 18:28:08 | 000,000,000 | --SD | M] -- C:\Users\Siegfried\AppData\Roaming\Microsoft
[2011/06/21 19:48:17 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Mozilla
[2011/11/20 10:25:53 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Mp3tag
[2011/06/23 21:33:07 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\OpenOffice.org
[2011/11/20 10:35:56 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Skype
[2011/06/21 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\vlc
[2011/06/21 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Windows Live Writer
[2011/07/12 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/12/16 01:12:49 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Siegfried\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         


22.11.2011, 18:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your Documents/My Documents folder, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

22.11.2011, 22:17   #7
hujhuj

Code:
ATTFilter
22:16:37.0383 3364	TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
22:16:37.0457 3364	============================================================
22:16:37.0457 3364	Current date / time: 2011/11/22 22:16:37.0457
22:16:37.0457 3364	SystemInfo:
22:16:37.0457 3364	
22:16:37.0457 3364	OS Version: 6.1.7600 ServicePack: 0.0
22:16:37.0457 3364	Product type: Workstation
22:16:37.0458 3364	ComputerName: SIEGFRIEDS-PC
22:16:37.0458 3364	UserName: Siegfried
22:16:37.0458 3364	Windows directory: C:\Windows
22:16:37.0458 3364	System windows directory: C:\Windows
22:16:37.0458 3364	Running under WOW64
22:16:37.0458 3364	Processor architecture: Intel x64
22:16:37.0458 3364	Number of processors: 2
22:16:37.0458 3364	Page size: 0x1000
22:16:37.0458 3364	Boot type: Normal boot
22:16:37.0458 3364	============================================================
22:16:38.0250 3364	Initialize success
22:16:59.0317 2328	============================================================
22:16:59.0317 2328	Scan started
22:16:59.0317 2328	Mode: Manual; SigCheck; TDLFS; 
22:16:59.0317 2328	============================================================
22:17:07.0888 2328	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:17:07.0933 2328	NativeWifiP - ok
22:17:07.0998 2328	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:17:08.0029 2328	NDIS - ok
22:17:08.0047 2328	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:17:08.0128 2328	NdisCap - ok
22:17:08.0164 2328	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:17:08.0209 2328	NdisTapi - ok
22:17:08.0227 2328	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:17:08.0253 2328	Ndisuio - ok
22:17:08.0269 2328	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:17:08.0294 2328	NdisWan - ok
22:17:08.0310 2328	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:17:08.0355 2328	NDProxy - ok
22:17:08.0380 2328	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:17:08.0417 2328	NetBIOS - ok
22:17:08.0444 2328	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:17:08.0486 2328	NetBT - ok
22:17:08.0542 2328	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:17:08.0549 2328	nfrd960 - ok
22:17:08.0564 2328	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:17:08.0599 2328	Npfs - ok
22:17:08.0623 2328	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:17:08.0648 2328	nsiproxy - ok
22:17:08.0719 2328	Ntfs            (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
22:17:08.0775 2328	Ntfs - ok
22:17:08.0790 2328	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:17:08.0825 2328	Null - ok
22:17:09.0031 2328	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:17:09.0269 2328	nvlddmkm - ok
22:17:09.0304 2328	nvraid          (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
22:17:09.0311 2328	nvraid - ok
22:17:09.0339 2328	nvstor          (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
22:17:09.0348 2328	nvstor - ok
22:17:09.0367 2328	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:17:09.0374 2328	nv_agp - ok
22:17:09.0425 2328	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:17:09.0456 2328	ohci1394 - ok
22:17:09.0500 2328	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:17:09.0525 2328	Parport - ok
22:17:09.0548 2328	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:17:09.0561 2328	partmgr - ok
22:17:09.0591 2328	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:17:09.0607 2328	pci - ok
22:17:09.0647 2328	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:17:09.0662 2328	pciide - ok
22:17:09.0699 2328	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:17:09.0710 2328	pcmcia - ok
22:17:09.0731 2328	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:17:09.0740 2328	pcw - ok
22:17:09.0786 2328	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:17:09.0824 2328	PEAUTH - ok
22:17:09.0879 2328	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:17:09.0923 2328	PptpMiniport - ok
22:17:09.0949 2328	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:17:09.0965 2328	Processor - ok
22:17:10.0007 2328	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:17:10.0051 2328	Psched - ok
22:17:10.0094 2328	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:17:10.0135 2328	ql2300 - ok
22:17:10.0151 2328	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:17:10.0158 2328	ql40xx - ok
22:17:10.0178 2328	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:17:10.0190 2328	QWAVEdrv - ok
22:17:10.0227 2328	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:17:10.0252 2328	RasAcd - ok
22:17:10.0278 2328	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:17:10.0310 2328	RasAgileVpn - ok
22:17:10.0334 2328	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:17:10.0360 2328	Rasl2tp - ok
22:17:10.0376 2328	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:17:10.0438 2328	RasPppoe - ok
22:17:10.0472 2328	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:17:10.0505 2328	RasSstp - ok
22:17:10.0524 2328	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:17:10.0564 2328	rdbss - ok
22:17:10.0600 2328	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:17:10.0635 2328	rdpbus - ok
22:17:10.0658 2328	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:17:10.0704 2328	RDPCDD - ok
22:17:10.0730 2328	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:17:10.0801 2328	RDPENCDD - ok
22:17:10.0837 2328	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:17:10.0861 2328	RDPREFMP - ok
22:17:10.0880 2328	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:17:10.0920 2328	RDPWD - ok
22:17:10.0955 2328	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:17:10.0964 2328	rdyboost - ok
22:17:11.0007 2328	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:17:11.0089 2328	rspndr - ok
22:17:11.0137 2328	RTL8167         (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:17:11.0147 2328	RTL8167 - ok
22:17:11.0185 2328	RTL8192su       (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
22:17:11.0198 2328	RTL8192su - ok
22:17:11.0227 2328	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:17:11.0234 2328	sbp2port - ok
22:17:11.0252 2328	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:17:11.0290 2328	scfilter - ok
22:17:11.0313 2328	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:17:11.0370 2328	secdrv - ok
22:17:11.0410 2328	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:17:11.0441 2328	Serenum - ok
22:17:11.0476 2328	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:17:11.0497 2328	Serial - ok
22:17:11.0524 2328	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:17:11.0535 2328	sermouse - ok
22:17:11.0581 2328	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:17:11.0601 2328	sffdisk - ok
22:17:11.0633 2328	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:17:11.0645 2328	sffp_mmc - ok
22:17:11.0666 2328	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:17:11.0687 2328	sffp_sd - ok
22:17:11.0706 2328	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:17:11.0730 2328	sfloppy - ok
22:17:11.0774 2328	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:17:11.0789 2328	SiSRaid2 - ok
22:17:11.0809 2328	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:17:11.0818 2328	SiSRaid4 - ok
22:17:11.0847 2328	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:17:11.0879 2328	Smb - ok
22:17:12.0086 2328	SNPSTD3         (3a7a54e12fe503028c7fb550718b0e38) C:\Windows\system32\DRIVERS\snpstd3.sys
22:17:12.0312 2328	SNPSTD3 - ok
22:17:12.0335 2328	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:17:12.0341 2328	spldr - ok
22:17:12.0400 2328	srv             (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
22:17:12.0434 2328	srv - ok
22:17:12.0457 2328	srv2            (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
22:17:12.0479 2328	srv2 - ok
22:17:12.0505 2328	srvnet          (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
22:17:12.0521 2328	srvnet - ok
22:17:12.0581 2328	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:17:12.0591 2328	stexstor - ok
22:17:12.0625 2328	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:17:12.0640 2328	swenum - ok
22:17:12.0721 2328	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
22:17:12.0775 2328	Tcpip - ok
22:17:12.0813 2328	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
22:17:12.0840 2328	TCPIP6 - ok
22:17:12.0861 2328	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:17:12.0896 2328	tcpipreg - ok
22:17:12.0924 2328	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:17:12.0974 2328	TDPIPE - ok
22:17:12.0992 2328	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:17:13.0017 2328	TDTCP - ok
22:17:13.0035 2328	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:17:13.0070 2328	tdx - ok
22:17:13.0088 2328	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:17:13.0094 2328	TermDD - ok
22:17:13.0137 2328	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:17:13.0166 2328	tssecsrv - ok
22:17:13.0200 2328	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:17:13.0225 2328	tunnel - ok
22:17:13.0257 2328	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:17:13.0263 2328	uagp35 - ok
22:17:13.0285 2328	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:17:13.0313 2328	udfs - ok
22:17:13.0346 2328	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:17:13.0354 2328	uliagpkx - ok
22:17:13.0375 2328	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:17:13.0393 2328	umbus - ok
22:17:13.0410 2328	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:17:13.0433 2328	UmPass - ok
22:17:13.0466 2328	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:17:13.0486 2328	USBAAPL64 - ok
22:17:13.0522 2328	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:17:13.0576 2328	usbccgp - ok
22:17:13.0724 2328	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:17:13.0774 2328	usbcir - ok
22:17:13.0811 2328	usbehci         (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
22:17:13.0837 2328	usbehci - ok
22:17:13.0875 2328	usbhub          (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
22:17:13.0908 2328	usbhub - ok
22:17:13.0935 2328	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:17:13.0952 2328	usbohci - ok
22:17:13.0988 2328	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:17:14.0012 2328	usbprint - ok
22:17:14.0038 2328	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:17:14.0053 2328	usbscan - ok
22:17:14.0080 2328	USBSTOR         (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:17:14.0092 2328	USBSTOR - ok
22:17:14.0118 2328	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:17:14.0130 2328	usbuhci - ok
22:17:14.0155 2328	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:17:14.0162 2328	vdrvroot - ok
22:17:14.0196 2328	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:17:14.0206 2328	vga - ok
22:17:14.0231 2328	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:17:14.0265 2328	VgaSave - ok
22:17:14.0290 2328	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:17:14.0299 2328	vhdmp - ok
22:17:14.0316 2328	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:17:14.0323 2328	viaide - ok
22:17:14.0343 2328	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:17:14.0350 2328	volmgr - ok
22:17:14.0373 2328	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:17:14.0384 2328	volmgrx - ok
22:17:14.0402 2328	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:17:14.0412 2328	volsnap - ok
22:17:14.0455 2328	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:17:14.0463 2328	vsmraid - ok
22:17:14.0483 2328	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:17:14.0503 2328	vwifibus - ok
22:17:14.0525 2328	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:17:14.0573 2328	vwififlt - ok
22:17:14.0612 2328	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:17:14.0639 2328	WacomPen - ok
22:17:14.0663 2328	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:14.0711 2328	WANARP - ok
22:17:14.0716 2328	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:14.0741 2328	Wanarpv6 - ok
22:17:14.0810 2328	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:17:14.0826 2328	Wd - ok
22:17:14.0850 2328	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:17:14.0872 2328	Wdf01000 - ok
22:17:14.0905 2328	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:17:14.0931 2328	WfpLwf - ok
22:17:14.0953 2328	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:17:14.0959 2328	WIMMount - ok
22:17:15.0014 2328	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:17:15.0033 2328	WinUsb - ok
22:17:15.0080 2328	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:17:15.0103 2328	WmiAcpi - ok
22:17:15.0133 2328	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:17:15.0170 2328	ws2ifsl - ok
22:17:15.0203 2328	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:17:15.0241 2328	WudfPf - ok
22:17:15.0265 2328	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:17:15.0326 2328	WUDFRd - ok
22:17:15.0356 2328	MBR (0x1B8)     (8bcb23b30db1819e7d8ddae01aebb583) \Device\Harddisk0\DR0
22:17:15.0899 2328	\Device\Harddisk0\DR0 - ok
22:17:15.0911 2328	MBR (0x1B8)     (9b25002e3677be175b0b779ea98d711b) \Device\Harddisk2\DR2
22:17:25.0258 2328	\Device\Harddisk2\DR2 - ok
22:17:25.0264 2328	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
22:17:25.0382 2328	\Device\Harddisk3\DR3 - ok
22:17:25.0402 2328	Boot (0x1200)   (fca52a8872a5a9e056bc6131509c4382) \Device\Harddisk0\DR0\Partition0
22:17:25.0404 2328	\Device\Harddisk0\DR0\Partition0 - ok
22:17:25.0417 2328	Boot (0x1200)   (88f5b58e7f13faf745b91ff6a7d949e4) \Device\Harddisk0\DR0\Partition1
22:17:25.0419 2328	\Device\Harddisk0\DR0\Partition1 - ok
22:17:25.0446 2328	Boot (0x1200)   (d695cd6d03ab9726e821742d845b864e) \Device\Harddisk0\DR0\Partition2
22:17:25.0448 2328	\Device\Harddisk0\DR0\Partition2 - ok
22:17:25.0453 2328	Boot (0x1200)   (42a2309ccc64446400e2b6da3e306caf) \Device\Harddisk3\DR3\Partition0
22:17:25.0455 2328	\Device\Harddisk3\DR3\Partition0 - ok
22:17:25.0457 2328	============================================================
22:17:25.0457 2328	Scan finished
22:17:25.0457 2328	============================================================
22:17:25.0474 1860	Detected object count: 0
22:17:25.0474 1860	Actual detected object count: 0
         

22.11.2011, 23:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

23.11.2011, 19:49   #9
hujhuj

Code:
ComboFix 11-11-23.01 - Siegfried 23.11.2011  19:41:02.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.2943 [GMT 1:00]
ausgeführt von:: c:\users\Siegfried\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-23 bis 2011-11-23  ))))))))))))))))))))))))))))))
.
.
2011-11-21 21:04 . 2011-11-21 21:04	--------	d-----w-	c:\program files (x86)\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 07:43 . 2011-07-20 12:15	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2011-06-21 19:28	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemonTool"="c:\users\SIEGFR~1\nvload16.dll" [2009-07-14 1282048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-09 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
scandisk.lnk - c:\windows\system32\rundll32.exe [2009-7-14 45568]
scanpdiskaf64.dll [2009-7-14 1282048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 136176]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 136176]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 17:47]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-21 17:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-07 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 80.69.100.182 80.69.100.174
FF - ProfilePath - c:\users\Siegfried\AppData\Roaming\Mozilla\Firefox\Profiles\39n24gt3.default\
FF - prefs.js: browser.startup.homepage - www.freenet.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-23  19:48:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-23 18:48
.
Vor Suchlauf: 6 Verzeichnis(se), 906.210.058.240 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 906.051.563.520 Bytes frei
.
- - End Of File - - E2551169D1FFDAD84AF82CBB5B74BA8D
         

23.11.2011, 20:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
__________________
Please always post log files in CODE tags

23.11.2011, 21:14   #11
hujhuj

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-23 21:06:51
-----------------------------
21:06:51.565    OS Version: Windows x64 6.1.7600 
21:06:51.565    Number of processors: 2 586 0x170A
21:06:51.566    ComputerName: SIEGFRIEDS-PC  UserName: Siegfried
21:06:52.955    Initialize success
21:09:08.378    AVAST engine defs: 11112302
21:09:45.414    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:09:45.418    Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
21:09:47.443    Disk 0 MBR read successfully
21:09:47.447    Disk 0 MBR scan
21:09:47.472    Disk 0 unknown MBR code
21:09:47.477    Service scanning
21:09:51.436    Modules scanning
21:09:51.441    Disk 0 trace - called modules:
21:09:51.479    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
21:09:51.485    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfa060]
21:09:51.492    3 CLASSPNP.SYS[fffff8800189f43f] -> nt!IofCallDriver -> [0xfffffa8004762580]
21:09:51.498    5 ACPI.sys[fffff88000d55781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004764060]
21:09:55.032    AVAST engine scan C:\Windows
21:09:57.966    AVAST engine scan C:\Windows\system32
21:11:11.610    AVAST engine scan C:\Windows\system32\drivers
21:11:20.569    AVAST engine scan C:\Users\Siegfried
21:11:54.364    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
21:12:20.621    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
21:12:31.690    AVAST engine scan C:\ProgramData
21:13:16.052    Scan finished successfully
21:13:28.335    Disk 0 MBR has been saved successfully to "C:\Users\Siegfried\Desktop\MBR.dat"
21:13:28.339    The log file has been saved successfully to "C:\Users\Siegfried\Desktop\aswMBR.txt"
         

23.11.2011, 21:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run one more OTL fix:

Code:
:Files
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.dll
:Commands
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

24.11.2011, 18:27   #13
hujhuj

Code:
All processes killed
========== FILES ==========
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Siegfried
->Temp folder emptied: 50679501 bytes
->Temporary Internet Files folder emptied: 49595598 bytes
->Java cache emptied: 24138 bytes
->FireFox cache emptied: 140514987 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 58656 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57465 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 230.00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 11242011_182334

Files\Folders moved on Reboot...
C:\Users\Siegfried\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DF412E5205FF8B9EE4.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DF47FFFE814130C263.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DF5EA611ABDA2B3B30.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DF789292DB72686B3A.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DF90D5B7AB920339E1.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DF9C3807CBD4A78E91.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DFBC0787A1B79E603A.TMP not found!
File\Folder C:\Users\Siegfried\AppData\Local\Temp\~DFECB17EA96BD7F231.TMP not found!

Registry entries deleted on Reboot...
         

24.11.2011, 18:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create a new log with aswMBR.
__________________
Please always post log files in CODE tags

24.11.2011, 19:35   #15
hujhuj

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 19:29:31
-----------------------------
19:29:31.308    OS Version: Windows x64 6.1.7600 
19:29:31.308    Number of processors: 2 586 0x170A
19:29:31.309    ComputerName: SIEGFRIEDS-PC  UserName: Siegfried
19:29:34.033    Initialize success
19:29:55.623    AVAST engine defs: 11112400
19:30:02.237    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:30:02.237    Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
19:30:04.265    Disk 0 MBR read successfully
19:30:04.265    Disk 0 MBR scan
19:30:04.281    Disk 0 unknown MBR code
19:30:04.296    Service scanning
19:30:08.508    Modules scanning
19:30:08.508    Disk 0 trace - called modules:
19:30:08.524    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:30:08.540    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfb060]
19:30:08.540    3 CLASSPNP.SYS[fffff8800187543f] -> nt!IofCallDriver -> [0xfffffa8004765520]
19:30:08.540    5 ACPI.sys[fffff88000f28781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004766680]
19:30:12.408    AVAST engine scan C:\Windows
19:30:16.683    AVAST engine scan C:\Windows\system32
19:31:49.877    AVAST engine scan C:\Windows\system32\drivers
19:32:00.922    AVAST engine scan C:\Users\Siegfried
19:32:43.479    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
19:33:07.191    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
19:33:20.217    AVAST engine scan C:\ProgramData
19:34:06.502    Scan finished successfully
19:34:14.100    Disk 0 MBR has been saved successfully to "C:\Users\Siegfried\Desktop\MBR.dat"
19:34:14.100    The log file has been saved successfully to "C:\Users\Siegfried\Desktop\aswMBR.txt"
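
Added example (not part of the original thread, and not code from aswMBR or OTL): the two aswMBR logs and the OTL fix log above can be compared mechanically to see which detections survived the fix. The log lines are copied from this thread; the function names and status labels are made up for this illustration.

```python
import re

# Sample lines copied from the logs in this thread; helper names are illustrative only.
ASWMBR_BEFORE = r"""
21:11:54.364    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
21:12:20.621    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
"""
OTL_FIX = r"""
========== FILES ==========
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll moved successfully.
========== COMMANDS ==========
"""
ASWMBR_AFTER = r"""
19:32:43.479    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
19:33:07.191    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
"""

INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<sig>.+?)\s*$",
    re.MULTILINE)
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.\s*$", re.MULTILINE)

def infected_files(aswmbr_log):
    """Map each detected path (lower-cased; Windows paths are case-insensitive) to its signature."""
    return {m["path"].lower(): m["sig"] for m in INFECTED_RE.finditer(aswmbr_log)}

def moved_files(otl_log):
    """Paths that the OTL fix log reports as moved."""
    return {m["path"].lower() for m in MOVED_RE.finditer(otl_log)}

def classify(before_log, fix_log, after_log):
    """Label every detection from either scan by what happened to it across the fix."""
    before, after, moved = infected_files(before_log), infected_files(after_log), moved_files(fix_log)
    result = {}
    for path in sorted(set(before) | set(after)):
        if path not in after:
            status = "cleared"
        elif path in moved:
            status = "back after being moved"    # detected again at the same path
        elif path in before:
            status = "never covered by the fix"  # detected twice, absent from the fix log
        else:
            status = "new detection"
        result[path] = status
    return result

if __name__ == "__main__":
    for path, status in classify(ASWMBR_BEFORE, OTL_FIX, ASWMBR_AFTER).items():
        print(f"{status:26} {path}")
```

On the thread's logs this labels scanpdiskaf64.dll as back after being moved, and nvload16.dll, which the `:Files` pattern in the OTL script did not match, as never covered by the fix.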
         
