\PDFCreatorSetup.exe (Adware.Agent)

Affenjunge86 · 06.01.2012, 22:15

Hallo,

Malwarebytes hat bei einer Routine Untersuchung folgendes gefunden :

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Affenjunge :: AFFENJUNGE-PC [Administrator]

29.12.2011 19:43:42
mbam-log-2011-12-29 (19-43-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379144
Laufzeit: 39 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Affenjunge\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zudem habe ich Avast installiert. Was mich etwas stutzig macht ist das lt. virustotal.com Avast einen Win32:InstallCore-F [PUP] findet . Die installierte Version (up to date) auf meinem PC schlägt jedoch nicht an . Typische Symptome habe ich keine aber Angst vor Keyloggern trotzdem :-)

Vielen dank im voraus
Affenjunge86

cosinus · 07.01.2012, 00:08

Das ist der typische Müll im Setup vom PDFCreator. Das Setup enthält immer diesen pdfforge/spigot Müll

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Affenjunge86 · 07.01.2012, 01:29

Hallo,

ja habe Malwarebytes schon seit 2010 drauf . Alle Logdateien sind ohne irgendeinen Fund bis auf diese hier:

Malwarebytes' Anti-Malware 1.46
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.11.2010 03:08:20
mbam-log-2010-11-18 (03-08-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115242
Laufzeit: 2 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 32

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\System32\System32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\System32\cis-2.4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MACXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaDRM.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaJGUILib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaJUtilLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MAMACExtract.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MASetupCaller.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MASetupCleaner.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MetaStore2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\Microsoft.Synchronization.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MK_Lyric.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSCLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSFLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSLUR71.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\msvcp60.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MTTELECHIP.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MTXSYNCICON.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzaf1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzapp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzapp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzdecode.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzeffect.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzmp4sp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzmpgsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzoggsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzwmts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\psapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\Synchronization2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

und die ist vom 18.11.2010 und entpuppte sich nach eigener Recherche als Fehlalarm.
Ich glaube nicht das du die leeren ohne Fund auch sehen möchtest oder ?

Gruß,
Affe

cosinus · 07.01.2012, 01:31

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Affenjunge86 · 08.01.2012, 16:42

Hallo,

hier die log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=24d88f9f5694814f8c4296371356d27a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 03:05:48
# local_time=2012-01-08 04:05:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 37823744 37823744 0 0
# compatibility_mode=5893 16776574 100 94 5578 77659525 0 0
# compatibility_mode=8192 67108863 100 0 4972 4972 0 0
# scanned=216863
# found=1
# cleaned=0
# scan_time=5473
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RSGJHEC.exe Win32/Adware.Toolbar.Dealio application (unable to clean)

Gruß,
Affe

cosinus · 08.01.2012, 20:59

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Affenjunge86 · 08.01.2012, 21:44

Hi,
hoffe das so richtig ist.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.01.2012 21:27:45 - Run 5
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Affenjunge\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,44 Gb Available Physical Memory | 74,09% Memory free
12,00 Gb Paging File | 10,35 Gb Available in Paging File | 86,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443,23 Gb Total Space | 267,85 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 488,18 Gb Total Space | 406,43 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
Drive E: | 6,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: AFFENJUNGE-PC | User Name: Affenjunge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Affenjunge\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Users\Affenjunge\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\SysNative\drivers\ssceserd.sys (MCCI Corporation)
DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\DDE2.tmp (Sophos Plc)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 BA 34 9A E8 A6 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.03 15:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.01 10:15:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.27 01:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 01:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.27 01:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.27 01:17:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.03 15:16:10 | 000,000,000 | ---D | M]
 
[2011.12.27 01:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Affenjunge\AppData\Roaming\mozilla\Extensions
[2012.01.06 20:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Affenjunge\AppData\Roaming\mozilla\Firefox\Profiles\6mi3szty.default\extensions
[2011.12.27 01:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.01 10:15:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.22 21:58:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90C524-1F52-4DF2-8144-CC8B32512A23}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.30 02:12:54 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.04.18 18:11:17 | 000,000,069 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{07d74929-ce27-11df-9f09-e0cb4e102deb}\Shell - "" = AutoRun
O33 - MountPoints2\{07d74929-ce27-11df-9f09-e0cb4e102deb}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{72c0b829-ce26-11df-bae8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72c0b829-ce26-11df-bae8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FrameworkCheck.exe -- [2007.10.30 01:59:50 | 000,052,880 | R--- | M] ()
O33 - MountPoints2\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.23 18:31:58 | 000,803,840 | R--- | M] (CD Projekt Red)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.08 17:16:10 | 000,000,000 | ---D | C] -- C:\Users\Affenjunge\Desktop\bank
[2012.01.08 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.08 14:11:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Affenjunge\Desktop\esetsmartinstaller_enu.exe
[2012.01.06 21:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.06 21:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.01.06 20:54:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Affenjunge\Desktop\OTL(1).exe
[2012.01.05 02:00:14 | 000,000,000 | ---D | C] -- C:\Users\Affenjunge\AppData\Roaming\QuickScan
[2012.01.01 16:58:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.12.27 18:01:59 | 000,000,000 | ---D | C] -- C:\Users\Affenjunge\AppData\Local\Skyrim
[2011.12.27 01:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.12.27 01:37:43 | 000,000,000 | ---D | C] -- C:\Users\Affenjunge\AppData\Roaming\Mozilla
[9 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.08 21:16:15 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.08 21:16:15 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.08 21:13:25 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.08 21:13:25 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.08 21:13:25 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.08 21:13:25 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.08 21:13:25 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.08 21:09:11 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.08 21:09:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.08 21:08:49 | 535,732,223 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.08 16:43:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.08 14:11:25 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Affenjunge\Desktop\esetsmartinstaller_enu.exe
[2012.01.06 20:55:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Affenjunge\Desktop\OTL(1).exe
[2012.01.06 20:49:34 | 000,000,020 | ---- | M] () -- C:\Users\Affenjunge\defogger_reenable
[2012.01.06 20:47:50 | 000,050,477 | ---- | M] () -- C:\Users\Affenjunge\Desktop\Defogger.exe
[2012.01.05 01:12:29 | 400,781,440 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.29 19:42:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.27 01:37:37 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.27 01:24:52 | 000,314,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.27 00:48:34 | 000,000,219 | ---- | M] () -- C:\Users\Affenjunge\Desktop\Team Fortress 2.url
[2011.12.24 01:31:30 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[9 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.06 20:49:34 | 000,000,020 | ---- | C] () -- C:\Users\Affenjunge\defogger_reenable
[2012.01.06 20:47:49 | 000,050,477 | ---- | C] () -- C:\Users\Affenjunge\Desktop\Defogger.exe
[2012.01.05 01:12:29 | 400,781,440 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.29 19:42:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.27 01:37:37 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.12.27 01:37:37 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.26 23:02:47 | 000,000,219 | ---- | C] () -- C:\Users\Affenjunge\Desktop\Team Fortress 2.url
[2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.21 19:10:41 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\hardlock.sys
[2011.07.21 19:10:28 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2011.07.21 19:10:28 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2011.07.17 22:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.14 12:08:37 | 001,048,576 | ---- | C] () -- C:\Windows\2402.BIN
[2011.07.14 11:56:09 | 001,048,576 | ---- | C] () -- C:\Windows\2201.BIN
[2011.07.14 11:52:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.07.14 11:52:42 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.21 11:48:58 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.02.17 19:35:05 | 000,019,456 | ---- | C] () -- C:\Users\Affenjunge\AppData\Local\WebpageIcons.db
[2011.02.15 22:32:54 | 000,000,089 | ---- | C] () -- C:\Windows\SysWow64\MSBII.dll
[2011.02.15 22:29:05 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2011.02.15 22:29:05 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2011.02.15 22:29:05 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\WKAuxil.dll
[2011.02.15 22:29:02 | 003,782,416 | ---- | C] () -- C:\Windows\SysWow64\mso97.dll
[2011.02.15 22:29:02 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2011.02.15 22:28:52 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\ccmove32.dll
[2011.02.15 22:28:52 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\Cc32.dll
[2011.02.09 12:09:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.11.30 21:44:40 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.10.27 20:55:15 | 000,007,610 | ---- | C] () -- C:\Users\Affenjunge\AppData\Local\Resmon.ResmonCfg
[2010.10.16 21:13:39 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.10.15 20:30:12 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.15 20:30:11 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.10.15 20:30:11 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.03 15:07:44 | 000,266,121 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.10.03 15:00:42 | 000,000,532 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.12.06 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\.minecraft
[2011.01.19 15:52:46 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\ASCON Installer
[2011.05.18 22:40:28 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Bioshock2
[2011.04.13 17:53:15 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.16 20:10:35 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Electronic Arts
[2011.11.13 12:07:25 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\elsterformular
[2011.12.27 18:40:21 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\FileZilla
[2011.02.15 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\GetRightToGo
[2010.10.02 17:21:18 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Leadertech
[2011.05.16 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mount&Blade
[2011.05.26 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mount&Blade Warband
[2011.06.22 23:38:14 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.10.27 15:14:52 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Notepad++
[2011.09.28 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Orbit
[2011.10.19 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Origin
[2010.11.09 22:30:19 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\PC Suite
[2010.12.06 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\ProgSense
[2012.01.05 02:00:20 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\QuickScan
[2010.11.22 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Samsung
[2011.05.15 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\The Creative Assembly
[2011.11.23 16:34:43 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\TS3Client
[2011.12.29 20:39:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.06 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\.minecraft
[2010.10.10 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Adobe
[2011.01.19 15:52:46 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\ASCON Installer
[2011.02.09 12:09:29 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\ATI
[2011.05.18 22:40:28 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Bioshock2
[2011.02.04 22:36:41 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Download Manager
[2011.04.13 17:53:15 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.16 20:10:35 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Electronic Arts
[2011.11.13 12:07:25 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\elsterformular
[2011.12.27 18:40:21 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\FileZilla
[2011.02.15 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\GetRightToGo
[2011.01.31 22:44:26 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Google
[2011.07.18 17:50:18 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\HP
[2010.10.02 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Identities
[2010.11.26 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\InstallShield
[2010.11.29 20:40:14 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\InstallShield Installation Information
[2010.10.02 17:21:18 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Leadertech
[2010.10.07 12:08:14 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Macromedia
[2010.11.18 02:39:07 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Media Center Programs
[2011.11.16 00:10:11 | 000,000,000 | --SD | M] -- C:\Users\Affenjunge\AppData\Roaming\Microsoft
[2011.05.16 23:35:10 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mount&Blade
[2011.05.26 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mount&Blade Warband
[2011.06.22 23:38:14 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mount&Blade With Fire and Sword
[2011.12.27 01:37:43 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Mozilla
[2011.10.27 15:14:52 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Notepad++
[2011.09.28 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Orbit
[2011.10.19 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Origin
[2010.11.09 22:30:19 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\PC Suite
[2010.12.06 15:25:55 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\ProgSense
[2012.01.05 02:00:20 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\QuickScan
[2010.11.22 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\Samsung
[2011.05.15 21:28:42 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\The Creative Assembly
[2011.11.23 16:34:43 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\TS3Client
[2011.11.06 18:52:36 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\vlc
[2010.10.23 15:54:48 | 000,000,000 | ---D | M] -- C:\Users\Affenjunge\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.11.20 20:38:10 | 001,102,574 | ---- | M] () -- C:\Users\Affenjunge\AppData\Roaming\.minecraft\mcpatcher-2.2.2.exe
[2010.11.29 20:29:01 | 000,331,776 | ---- | M] () -- C:\Users\Affenjunge\AppData\Roaming\InstallShield Installation Information\{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}\SetupUT3.exe
[2010.10.27 18:58:51 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Affenjunge\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.10.23 16:20:22 | 000,010,134 | R--- | M] () -- C:\Users\Affenjunge\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.01.31 02:01:42 | 087,340,080 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Affenjunge\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.09.29 08:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\Affenjunge\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.09.29 08:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\Affenjunge\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

Gruß,
Affe

cosinus · 08.01.2012, 22:06

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d74929-ce27-11df-9f09-e0cb4e102deb}\Shell - "" = AutoRun
O33 - MountPoints2\{07d74929-ce27-11df-9f09-e0cb4e102deb}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{72c0b829-ce26-11df-bae8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72c0b829-ce26-11df-bae8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FrameworkCheck.exe -- [2007.10.30 01:59:50 | 000,052,880 | R--- | M] ()
O33 - MountPoints2\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.23 18:31:58 | 000,803,840 | R--- | M] (CD Projekt Red)
:Files
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Affenjunge86 · 08.01.2012, 23:02

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d74929-ce27-11df-9f09-e0cb4e102deb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07d74929-ce27-11df-9f09-e0cb4e102deb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d74929-ce27-11df-9f09-e0cb4e102deb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07d74929-ce27-11df-9f09-e0cb4e102deb}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c0b829-ce26-11df-bae8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72c0b829-ce26-11df-bae8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c0b829-ce26-11df-bae8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72c0b829-ce26-11df-bae8-806e6f6e6963}\ not found.
File move failed. E:\FrameworkCheck.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72c0b82a-ce26-11df-bae8-806e6f6e6963}\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RSNC0M0 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RNZIPF1\TVUPlayer folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RNZIPF1 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RHYMQYH folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RG8ZEJ2\{086A63F0-6B13-4F29-9695-134E7A01E963} folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RG8ZEJ2\NPE folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RG8ZEJ2 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RB8S7MB.Msi folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RAFO9NE\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RAFO9NE\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RAFO9NE\MCLOGS\PartnerCustom folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RAFO9NE\MCLOGS folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$RAFO9NE folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000\$R45I614 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1946644068-12885462-1039592219-1000 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Affenjunge
->Temp folder emptied: 351153 bytes
->Temporary Internet Files folder emptied: 206564 bytes
->Java cache emptied: 1376683 bytes
->FireFox cache emptied: 139281832 bytes
->Flash cache emptied: 3131 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 2580 bytes
%systemroot%\System32 (64bit) .tmp files removed: 55296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256633 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 135,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_225121

Files\Folders moved on Reboot...
File move failed. E:\FrameworkCheck.exe scheduled to be moved on reboot.
File move failed. F:\setup.exe scheduled to be moved on reboot.
C:\Users\Affenjunge\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Affenjunge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWZM6HP\background_button_green_full[1].png moved successfully.
C:\Users\Affenjunge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KE9KZ8YT\list-item-plus[1].png moved successfully.
C:\Users\Affenjunge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CS9JZU4Y\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Affenjunge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CS9JZU4Y\background-banner-right-v45[1].jpg moved successfully.
C:\Users\Affenjunge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CS9JZU4Y\background_banner_green_50_v45[1].jpg moved successfully.

Registry entries deleted on Reboot...

cosinus · 09.01.2012, 11:06

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Affenjunge86 · 10.01.2012, 15:36

Code:

ATTFilter

15:30:37.0026 1932	TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
15:30:37.0229 1932	============================================================
15:30:37.0229 1932	Current date / time: 2012/01/10 15:30:37.0229
15:30:37.0229 1932	SystemInfo:
15:30:37.0229 1932	
15:30:37.0229 1932	OS Version: 6.1.7601 ServicePack: 1.0
15:30:37.0229 1932	Product type: Workstation
15:30:37.0229 1932	ComputerName: AFFENJUNGE-PC
15:30:37.0229 1932	UserName: Affenjunge
15:30:37.0229 1932	Windows directory: C:\Windows
15:30:37.0229 1932	System windows directory: C:\Windows
15:30:37.0229 1932	Running under WOW64
15:30:37.0229 1932	Processor architecture: Intel x64
15:30:37.0229 1932	Number of processors: 2
15:30:37.0229 1932	Page size: 0x1000
15:30:37.0229 1932	Boot type: Normal boot
15:30:37.0229 1932	============================================================
15:30:38.0274 1932	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000040
15:30:38.0367 1932	Initialize success
15:31:33.0467 2388	============================================================
15:31:33.0467 2388	Scan started
15:31:33.0467 2388	Mode: Manual; SigCheck; TDLFS; 
15:31:33.0467 2388	============================================================
15:31:33.0825 2388	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:31:33.0903 2388	1394ohci - ok
15:31:33.0935 2388	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:31:33.0950 2388	ACPI - ok
15:31:33.0981 2388	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:31:34.0013 2388	AcpiPmi - ok
15:31:34.0059 2388	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:31:34.0075 2388	adp94xx - ok
15:31:34.0091 2388	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:31:34.0106 2388	adpahci - ok
15:31:34.0137 2388	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:31:34.0137 2388	adpu320 - ok
15:31:34.0184 2388	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
15:31:34.0215 2388	AFD - ok
15:31:34.0247 2388	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:31:34.0262 2388	agp440 - ok
15:31:34.0278 2388	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:31:34.0293 2388	aliide - ok
15:31:34.0325 2388	ALSysIO - ok
15:31:34.0356 2388	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:31:34.0371 2388	amdide - ok
15:31:34.0387 2388	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:31:34.0418 2388	AmdK8 - ok
15:31:34.0605 2388	amdkmdag        (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
15:31:34.0839 2388	amdkmdag - ok
15:31:34.0871 2388	amdkmdap        (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
15:31:34.0902 2388	amdkmdap - ok
15:31:34.0917 2388	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:31:34.0964 2388	AmdPPM - ok
15:31:34.0980 2388	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:31:34.0995 2388	amdsata - ok
15:31:35.0027 2388	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:31:35.0042 2388	amdsbs - ok
15:31:35.0073 2388	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:31:35.0073 2388	amdxata - ok
15:31:35.0105 2388	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:31:35.0151 2388	AppID - ok
15:31:35.0167 2388	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:31:35.0183 2388	arc - ok
15:31:35.0198 2388	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:31:35.0214 2388	arcsas - ok
15:31:35.0229 2388	AsIO - ok
15:31:35.0261 2388	aswFsBlk        (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
15:31:35.0276 2388	aswFsBlk - ok
15:31:35.0323 2388	aswMonFlt       (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
15:31:35.0339 2388	aswMonFlt - ok
15:31:35.0370 2388	aswRdr          (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
15:31:35.0370 2388	aswRdr - ok
15:31:35.0432 2388	aswSnx          (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
15:31:35.0448 2388	aswSnx - ok
15:31:35.0495 2388	aswSP           (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
15:31:35.0510 2388	aswSP - ok
15:31:35.0526 2388	aswTdi          (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
15:31:35.0541 2388	aswTdi - ok
15:31:35.0557 2388	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:31:35.0588 2388	AsyncMac - ok
15:31:35.0619 2388	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:31:35.0635 2388	atapi - ok
15:31:35.0682 2388	AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
15:31:35.0682 2388	AtiHDAudioService - ok
15:31:35.0744 2388	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
15:31:35.0744 2388	avmeject - ok
15:31:35.0791 2388	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:31:35.0807 2388	b06bdrv - ok
15:31:35.0838 2388	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:31:35.0869 2388	b57nd60a - ok
15:31:35.0885 2388	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:31:35.0931 2388	Beep - ok
15:31:35.0963 2388	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:31:35.0994 2388	blbdrive - ok
15:31:36.0009 2388	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:31:36.0041 2388	bowser - ok
15:31:36.0056 2388	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:31:36.0072 2388	BrFiltLo - ok
15:31:36.0103 2388	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:31:36.0119 2388	BrFiltUp - ok
15:31:36.0134 2388	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:31:36.0165 2388	Brserid - ok
15:31:36.0181 2388	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:31:36.0197 2388	BrSerWdm - ok
15:31:36.0212 2388	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:31:36.0243 2388	BrUsbMdm - ok
15:31:36.0275 2388	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:31:36.0290 2388	BrUsbSer - ok
15:31:36.0306 2388	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:31:36.0321 2388	BTHMODEM - ok
15:31:36.0337 2388	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:31:36.0368 2388	cdfs - ok
15:31:36.0399 2388	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:31:36.0431 2388	cdrom - ok
15:31:36.0446 2388	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:31:36.0477 2388	circlass - ok
15:31:36.0509 2388	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:31:36.0524 2388	CLFS - ok
15:31:36.0540 2388	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:31:36.0555 2388	CmBatt - ok
15:31:36.0571 2388	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:31:36.0587 2388	cmdide - ok
15:31:36.0618 2388	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:31:36.0649 2388	CNG - ok
15:31:36.0649 2388	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:31:36.0665 2388	Compbatt - ok
15:31:36.0696 2388	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:31:36.0727 2388	CompositeBus - ok
15:31:36.0789 2388	cpuz130 - ok
15:31:36.0805 2388	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:31:36.0805 2388	crcdisk - ok
15:31:36.0852 2388	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:31:36.0899 2388	CSC - ok
15:31:36.0945 2388	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:31:36.0977 2388	DfsC - ok
15:31:37.0008 2388	dgderdrv        (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys
15:31:37.0023 2388	dgderdrv - ok
15:31:37.0070 2388	dg_ssudbus      (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
15:31:37.0070 2388	dg_ssudbus - ok
15:31:37.0101 2388	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:31:37.0133 2388	discache - ok
15:31:37.0148 2388	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:31:37.0164 2388	Disk - ok
15:31:37.0195 2388	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:31:37.0211 2388	drmkaud - ok
15:31:37.0242 2388	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:31:37.0273 2388	DXGKrnl - ok
15:31:37.0335 2388	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:31:37.0429 2388	ebdrv - ok
15:31:37.0460 2388	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:31:37.0476 2388	elxstor - ok
15:31:37.0507 2388	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:31:37.0523 2388	ErrDev - ok
15:31:37.0554 2388	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:31:37.0585 2388	exfat - ok
15:31:37.0601 2388	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:31:37.0632 2388	fastfat - ok
15:31:37.0663 2388	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:31:37.0679 2388	fdc - ok
15:31:37.0694 2388	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:31:37.0694 2388	FileInfo - ok
15:31:37.0710 2388	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:31:37.0757 2388	Filetrace - ok
15:31:37.0772 2388	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:31:37.0788 2388	flpydisk - ok
15:31:37.0819 2388	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:31:37.0835 2388	FltMgr - ok
15:31:37.0866 2388	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:31:37.0881 2388	FsDepends - ok
15:31:37.0913 2388	fssfltr         (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\Windows\system32\DRIVERS\fssfltr.sys
15:31:37.0928 2388	fssfltr - ok
15:31:38.0037 2388	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:31:38.0053 2388	Fs_Rec - ok
15:31:38.0100 2388	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:31:38.0115 2388	fvevol - ok
15:31:38.0147 2388	FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
15:31:38.0162 2388	FWLANUSB - ok
15:31:38.0178 2388	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:31:38.0193 2388	gagp30kx - ok
15:31:38.0240 2388	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:31:38.0240 2388	hcw85cir - ok
15:31:38.0287 2388	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:31:38.0303 2388	HdAudAddService - ok
15:31:38.0334 2388	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:31:38.0349 2388	HDAudBus - ok
15:31:38.0365 2388	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:31:38.0396 2388	HidBatt - ok
15:31:38.0396 2388	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:31:38.0427 2388	HidBth - ok
15:31:38.0443 2388	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:31:38.0474 2388	HidIr - ok
15:31:38.0490 2388	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:31:38.0505 2388	HidUsb - ok
15:31:38.0537 2388	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:31:38.0552 2388	HpSAMD - ok
15:31:38.0599 2388	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:31:38.0646 2388	HTTP - ok
15:31:38.0661 2388	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:31:38.0677 2388	hwpolicy - ok
15:31:38.0708 2388	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:31:38.0724 2388	i8042prt - ok
15:31:38.0786 2388	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:31:38.0817 2388	iaStorV - ok
15:31:38.0833 2388	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:31:38.0849 2388	iirsp - ok
15:31:38.0864 2388	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:31:38.0880 2388	intelide - ok
15:31:38.0895 2388	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:31:38.0927 2388	intelppm - ok
15:31:38.0958 2388	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:31:38.0989 2388	IpFilterDriver - ok
15:31:39.0005 2388	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:31:39.0036 2388	IPMIDRV - ok
15:31:39.0051 2388	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:31:39.0098 2388	IPNAT - ok
15:31:39.0114 2388	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:31:39.0145 2388	IRENUM - ok
15:31:39.0161 2388	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:31:39.0176 2388	isapnp - ok
15:31:39.0192 2388	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:31:39.0207 2388	iScsiPrt - ok
15:31:39.0223 2388	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:31:39.0239 2388	kbdclass - ok
15:31:39.0254 2388	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:31:39.0285 2388	kbdhid - ok
15:31:39.0332 2388	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:31:39.0348 2388	KSecDD - ok
15:31:39.0395 2388	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:31:39.0395 2388	KSecPkg - ok
15:31:39.0426 2388	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:31:39.0457 2388	ksthunk - ok
15:31:39.0488 2388	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:31:39.0551 2388	lltdio - ok
15:31:39.0551 2388	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:31:39.0566 2388	LSI_FC - ok
15:31:39.0597 2388	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:31:39.0613 2388	LSI_SAS - ok
15:31:39.0629 2388	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:31:39.0629 2388	LSI_SAS2 - ok
15:31:39.0644 2388	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:31:39.0660 2388	LSI_SCSI - ok
15:31:39.0675 2388	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:31:39.0722 2388	luafv - ok
15:31:39.0753 2388	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:31:39.0753 2388	megasas - ok
15:31:39.0785 2388	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:31:39.0800 2388	MegaSR - ok
15:31:39.0800 2388	MEMSWEEP2 - ok
15:31:39.0831 2388	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:31:39.0863 2388	Modem - ok
15:31:39.0863 2388	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:31:39.0894 2388	monitor - ok
15:31:39.0909 2388	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:31:39.0909 2388	mouclass - ok
15:31:39.0925 2388	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:31:39.0941 2388	mouhid - ok
15:31:39.0972 2388	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:31:39.0987 2388	mountmgr - ok
15:31:40.0003 2388	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:31:40.0019 2388	mpio - ok
15:31:40.0034 2388	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:31:40.0097 2388	mpsdrv - ok
15:31:40.0112 2388	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:31:40.0143 2388	MRxDAV - ok
15:31:40.0175 2388	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:31:40.0190 2388	mrxsmb - ok
15:31:40.0221 2388	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:31:40.0237 2388	mrxsmb10 - ok
15:31:40.0253 2388	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:31:40.0268 2388	mrxsmb20 - ok
15:31:40.0284 2388	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:31:40.0299 2388	msahci - ok
15:31:40.0315 2388	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:31:40.0331 2388	msdsm - ok
15:31:40.0346 2388	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:31:40.0377 2388	Msfs - ok
15:31:40.0393 2388	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:31:40.0424 2388	mshidkmdf - ok
15:31:40.0455 2388	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:31:40.0455 2388	msisadrv - ok
15:31:40.0471 2388	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:31:40.0518 2388	MSKSSRV - ok
15:31:40.0533 2388	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:31:40.0580 2388	MSPCLOCK - ok
15:31:40.0580 2388	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:31:40.0643 2388	MSPQM - ok
15:31:40.0689 2388	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:31:40.0705 2388	MsRPC - ok
15:31:40.0721 2388	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:31:40.0736 2388	mssmbios - ok
15:31:40.0736 2388	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:31:40.0767 2388	MSTEE - ok
15:31:40.0799 2388	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:31:40.0830 2388	MTConfig - ok
15:31:40.0845 2388	MTsensor        (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
15:31:40.0861 2388	MTsensor - ok
15:31:40.0877 2388	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:31:40.0877 2388	Mup - ok
15:31:40.0908 2388	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:31:40.0939 2388	NativeWifiP - ok
15:31:41.0017 2388	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:31:41.0033 2388	NDIS - ok
15:31:41.0048 2388	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:31:41.0079 2388	NdisCap - ok
15:31:41.0095 2388	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:31:41.0126 2388	NdisTapi - ok
15:31:41.0157 2388	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:31:41.0189 2388	Ndisuio - ok
15:31:41.0220 2388	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:31:41.0267 2388	NdisWan - ok
15:31:41.0298 2388	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:31:41.0329 2388	NDProxy - ok
15:31:41.0360 2388	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:31:41.0407 2388	NetBIOS - ok
15:31:41.0438 2388	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:31:41.0469 2388	NetBT - ok
15:31:41.0485 2388	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:31:41.0501 2388	nfrd960 - ok
15:31:41.0516 2388	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:31:41.0563 2388	Npfs - ok
15:31:41.0579 2388	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:31:41.0610 2388	nsiproxy - ok
15:31:41.0688 2388	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:31:41.0735 2388	Ntfs - ok
15:31:41.0750 2388	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:31:41.0797 2388	Null - ok
15:31:41.0844 2388	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:31:41.0859 2388	NVENETFD - ok
15:31:41.0891 2388	nvlddmkm - ok
15:31:41.0937 2388	NVNET           (0aa2a6aae14bdf0bea29056ee759b200) C:\Windows\system32\DRIVERS\nvmf6264.sys
15:31:41.0953 2388	NVNET - ok
15:31:42.0031 2388	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\DRIVERS\nvraid.sys
15:31:42.0031 2388	nvraid - ok
15:31:42.0078 2388	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:31:42.0078 2388	nvstor - ok
15:31:42.0109 2388	nvstor64        (662a129cebb4c0b01f95612a7f6dcc9a) C:\Windows\system32\DRIVERS\nvstor64.sys
15:31:42.0109 2388	nvstor64 - ok
15:31:42.0140 2388	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:31:42.0156 2388	nv_agp - ok
15:31:42.0187 2388	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:31:42.0203 2388	ohci1394 - ok
15:31:42.0234 2388	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:31:42.0249 2388	Parport - ok
15:31:42.0265 2388	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:31:42.0281 2388	partmgr - ok
15:31:42.0281 2388	pccsmcfd - ok
15:31:42.0296 2388	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:31:42.0312 2388	pci - ok
15:31:42.0327 2388	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:31:42.0343 2388	pciide - ok
15:31:42.0359 2388	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:31:42.0374 2388	pcmcia - ok
15:31:42.0390 2388	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:31:42.0390 2388	pcw - ok
15:31:42.0421 2388	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:31:42.0468 2388	PEAUTH - ok
15:31:42.0546 2388	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:31:42.0593 2388	PptpMiniport - ok
15:31:42.0608 2388	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:31:42.0624 2388	Processor - ok
15:31:42.0671 2388	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:31:42.0717 2388	Psched - ok
15:31:42.0749 2388	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:31:42.0780 2388	ql2300 - ok
15:31:42.0795 2388	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:31:42.0811 2388	ql40xx - ok
15:31:42.0827 2388	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:31:42.0873 2388	QWAVEdrv - ok
15:31:42.0889 2388	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:31:42.0920 2388	RasAcd - ok
15:31:42.0936 2388	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:31:42.0967 2388	RasAgileVpn - ok
15:31:42.0998 2388	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:31:43.0045 2388	Rasl2tp - ok
15:31:43.0154 2388	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:31:43.0217 2388	RasPppoe - ok
15:31:43.0248 2388	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:31:43.0279 2388	RasSstp - ok
15:31:43.0310 2388	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:31:43.0357 2388	rdbss - ok
15:31:43.0373 2388	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:31:43.0388 2388	rdpbus - ok
15:31:43.0388 2388	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:31:43.0435 2388	RDPCDD - ok
15:31:43.0466 2388	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:31:43.0497 2388	RDPDR - ok
15:31:43.0513 2388	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:31:43.0544 2388	RDPENCDD - ok
15:31:43.0575 2388	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:31:43.0607 2388	RDPREFMP - ok
15:31:43.0653 2388	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:31:43.0841 2388	RDPWD - ok
15:31:43.0887 2388	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:31:43.0903 2388	rdyboost - ok
15:31:43.0919 2388	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:31:43.0981 2388	rspndr - ok
15:31:44.0075 2388	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:31:44.0106 2388	s3cap - ok
15:31:44.0106 2388	SAVRKBootTasks - ok
15:31:44.0137 2388	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:31:44.0153 2388	sbp2port - ok
15:31:44.0184 2388	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:31:44.0231 2388	scfilter - ok
15:31:44.0246 2388	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:31:44.0293 2388	secdrv - ok
15:31:44.0324 2388	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:31:44.0340 2388	Serenum - ok
15:31:44.0355 2388	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:31:44.0371 2388	Serial - ok
15:31:44.0387 2388	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:31:44.0402 2388	sermouse - ok
15:31:44.0433 2388	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:31:44.0449 2388	sffdisk - ok
15:31:44.0465 2388	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:31:44.0480 2388	sffp_mmc - ok
15:31:44.0496 2388	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:31:44.0511 2388	sffp_sd - ok
15:31:44.0543 2388	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:31:44.0558 2388	sfloppy - ok
15:31:44.0589 2388	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:31:44.0605 2388	SiSRaid2 - ok
15:31:44.0621 2388	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:31:44.0636 2388	SiSRaid4 - ok
15:31:44.0667 2388	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:31:44.0699 2388	Smb - ok
15:31:44.0714 2388	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:31:44.0730 2388	spldr - ok
15:31:44.0792 2388	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:31:44.0808 2388	sptd - ok
15:31:44.0839 2388	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:31:44.0855 2388	srv - ok
15:31:44.0870 2388	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:31:44.0901 2388	srv2 - ok
15:31:44.0933 2388	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:31:44.0964 2388	srvnet - ok
15:31:44.0995 2388	sscebus         (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
15:31:44.0995 2388	sscebus - ok
15:31:45.0026 2388	sscemdfl        (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
15:31:45.0042 2388	sscemdfl - ok
15:31:45.0073 2388	sscemdm         (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
15:31:45.0089 2388	sscemdm - ok
15:31:45.0120 2388	ssceserd        (db504ef6d73f6b8ab5cf8a18560c4e2a) C:\Windows\system32\DRIVERS\ssceserd.sys
15:31:45.0135 2388	ssceserd - ok
15:31:45.0167 2388	ssudmdm         (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:31:45.0182 2388	ssudmdm - ok
15:31:45.0229 2388	ssudserd        (2e607511972b964829c44e6f20445933) C:\Windows\system32\DRIVERS\ssudserd.sys
15:31:45.0245 2388	ssudserd - ok
15:31:45.0260 2388	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:31:45.0276 2388	stexstor - ok
15:31:45.0291 2388	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:31:45.0307 2388	StillCam - ok
15:31:45.0338 2388	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:31:45.0354 2388	storflt - ok
15:31:45.0369 2388	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:31:45.0385 2388	storvsc - ok
15:31:45.0401 2388	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:31:45.0416 2388	swenum - ok
15:31:45.0463 2388	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:31:45.0525 2388	Tcpip - ok
15:31:45.0557 2388	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:31:45.0603 2388	TCPIP6 - ok
15:31:45.0619 2388	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:31:45.0666 2388	tcpipreg - ok
15:31:45.0681 2388	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:31:45.0728 2388	TDPIPE - ok
15:31:45.0759 2388	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:31:45.0791 2388	TDTCP - ok
15:31:45.0822 2388	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:31:45.0853 2388	tdx - ok
15:31:45.0869 2388	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:31:45.0884 2388	TermDD - ok
15:31:45.0931 2388	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
15:31:45.0931 2388	TFsExDisk - ok
15:31:45.0962 2388	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:31:46.0009 2388	tssecsrv - ok
15:31:46.0056 2388	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:31:46.0071 2388	TsUsbFlt - ok
15:31:46.0103 2388	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:31:46.0149 2388	tunnel - ok
15:31:46.0165 2388	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:31:46.0165 2388	uagp35 - ok
15:31:46.0212 2388	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:31:46.0259 2388	udfs - ok
15:31:46.0290 2388	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:31:46.0305 2388	uliagpkx - ok
15:31:46.0321 2388	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:31:46.0337 2388	umbus - ok
15:31:46.0337 2388	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:31:46.0368 2388	UmPass - ok
15:31:46.0399 2388	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:31:46.0415 2388	usbaudio - ok
15:31:46.0446 2388	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:31:46.0461 2388	usbccgp - ok
15:31:46.0493 2388	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:31:46.0508 2388	usbcir - ok
15:31:46.0508 2388	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:31:46.0539 2388	usbehci - ok
15:31:46.0571 2388	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:31:46.0602 2388	usbhub - ok
15:31:46.0617 2388	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:31:46.0633 2388	usbohci - ok
15:31:46.0664 2388	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:31:46.0680 2388	usbprint - ok
15:31:46.0711 2388	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:31:46.0727 2388	usbscan - ok
15:31:46.0742 2388	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:31:46.0758 2388	USBSTOR - ok
15:31:46.0773 2388	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:31:46.0789 2388	usbuhci - ok
15:31:46.0820 2388	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:31:46.0836 2388	vdrvroot - ok
15:31:46.0851 2388	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:31:46.0867 2388	vga - ok
15:31:46.0883 2388	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:31:46.0929 2388	VgaSave - ok
15:31:46.0945 2388	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:31:46.0961 2388	vhdmp - ok
15:31:46.0976 2388	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:31:46.0992 2388	viaide - ok
15:31:47.0007 2388	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:31:47.0023 2388	vmbus - ok
15:31:47.0039 2388	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:31:47.0054 2388	VMBusHID - ok
15:31:47.0085 2388	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:31:47.0101 2388	volmgr - ok
15:31:47.0117 2388	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:31:47.0132 2388	volmgrx - ok
15:31:47.0163 2388	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:31:47.0179 2388	volsnap - ok
15:31:47.0195 2388	vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
15:31:47.0210 2388	vpcbus - ok
15:31:47.0241 2388	vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:31:47.0257 2388	vpcnfltr - ok
15:31:47.0257 2388	vpcusb          (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
15:31:47.0288 2388	vpcusb - ok
15:31:47.0319 2388	vpcuxd          (14578ff302b4c985c9740a0f327ae3c0) C:\Windows\system32\DRIVERS\vpcuxd.sys
15:31:47.0351 2388	vpcuxd - ok
15:31:47.0413 2388	vpcvmm          (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
15:31:47.0429 2388	vpcvmm - ok
15:31:47.0444 2388	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:31:47.0460 2388	vsmraid - ok
15:31:47.0475 2388	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:31:47.0491 2388	vwifibus - ok
15:31:47.0522 2388	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:31:47.0538 2388	WacomPen - ok
15:31:47.0569 2388	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:31:47.0616 2388	WANARP - ok
15:31:47.0616 2388	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:31:47.0647 2388	Wanarpv6 - ok
15:31:47.0678 2388	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:31:47.0694 2388	Wd - ok
15:31:47.0709 2388	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:31:47.0741 2388	Wdf01000 - ok
15:31:47.0772 2388	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:31:47.0803 2388	WfpLwf - ok
15:31:47.0819 2388	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:31:47.0819 2388	WIMMount - ok
15:31:47.0865 2388	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:31:47.0881 2388	WinUsb - ok
15:31:47.0928 2388	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
15:31:47.0943 2388	WmBEnum - ok
15:31:47.0975 2388	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
15:31:47.0990 2388	WmFilter - ok
15:31:48.0006 2388	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:31:48.0021 2388	WmiAcpi - ok
15:31:48.0053 2388	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
15:31:48.0053 2388	WmVirHid - ok
15:31:48.0068 2388	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
15:31:48.0084 2388	WmXlCore - ok
15:31:48.0099 2388	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:31:48.0146 2388	ws2ifsl - ok
15:31:48.0193 2388	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:31:48.0240 2388	WudfPf - ok
15:31:48.0255 2388	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:31:48.0302 2388	WUDFRd - ok
15:31:48.0333 2388	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
15:31:48.0349 2388	xusb21 - ok
15:31:48.0396 2388	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:31:48.0536 2388	\Device\Harddisk0\DR0 - ok
15:31:48.0536 2388	Boot (0x1200)   (a1a8fd5508c7647729faa03efbbaa9d8) \Device\Harddisk0\DR0\Partition0
15:31:48.0536 2388	\Device\Harddisk0\DR0\Partition0 - ok
15:31:48.0567 2388	Boot (0x1200)   (ed232914549561077cafae08cca663cc) \Device\Harddisk0\DR0\Partition1
15:31:48.0567 2388	\Device\Harddisk0\DR0\Partition1 - ok
15:31:48.0583 2388	Boot (0x1200)   (398d2979bc4fbc3721dd57b3e7db70ce) \Device\Harddisk0\DR0\Partition2
15:31:48.0583 2388	\Device\Harddisk0\DR0\Partition2 - ok
15:31:48.0583 2388	============================================================
15:31:48.0583 2388	Scan finished
15:31:48.0583 2388	============================================================
15:31:48.0583 4168	Detected object count: 0
15:31:48.0583 4168	Actual detected object count: 0

cosinus · 10.01.2012, 16:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Affenjunge86 · 10.01.2012, 20:54

Hi,

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-10.02 - Affenjunge 10.01.2012  20:23:13.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6143.4799 [GMT 1:00]
ausgeführt von:: c:\users\Affenjunge\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AFFENJ~1\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\users\Affenjunge\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\windows\system32\java.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll
c:\windows\SysWow64\UNWISE.EXE
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-10 bis 2012-01-10  ))))))))))))))))))))))))))))))
.
.
2012-01-10 19:28 . 2012-01-10 19:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-10 14:29 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C864A8CB-759C-4C00-A24D-7A6DE91EA481}\mpengine.dll
2012-01-08 21:51 . 2012-01-08 21:51	--------	d-----w-	C:\_OTL
2012-01-08 13:11 . 2012-01-08 13:11	--------	d-----w-	c:\program files (x86)\ESET
2012-01-06 20:54 . 2012-01-06 20:54	--------	d-----w-	c:\program files (x86)\7-Zip
2012-01-05 01:00 . 2012-01-05 01:00	--------	d-----w-	c:\users\Affenjunge\AppData\Roaming\QuickScan
2012-01-01 16:00 . 2012-01-01 16:00	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-01 15:58 . 2012-01-01 15:58	--------	d-----w-	c:\windows\system32\Macromed
2011-12-27 17:01 . 2011-12-27 17:01	--------	d-----w-	c:\users\Affenjunge\AppData\Local\Skyrim
2011-12-27 00:41 . 2011-12-27 00:41	--------	d-----w-	c:\program files\Java
2011-12-14 13:26 . 2011-11-04 01:34	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-12-14 12:42 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 12:42 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-14 12:42 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 12:42 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-14 12:42 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-14 12:42 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-27 00:41 . 2011-11-22 18:24	525544	----a-w-	c:\windows\system32\deployJava1.dll
2011-12-10 14:24 . 2010-11-18 01:37	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-05 15:59 . 2011-12-05 15:59	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-22 20:58 . 2010-11-09 21:52	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-26 03:05 . 2011-10-26 03:05	10496512	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16	24866816	----a-w-	c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-10-26 02:05	748544	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2011-10-26 02:04	892416	----a-w-	c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01	517120	----a-w-	c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59	18757120	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2011-10-26 01:55	4292096	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2011-10-26 01:46	5041664	----a-w-	c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-10-26 01:43	4044288	----a-w-	c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38	9978880	----a-w-	c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2011-10-26 01:35	4353536	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34	8449024	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2011-10-26 01:32	4189184	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-10-26 01:29	5510144	----a-w-	c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2011-10-26 01:29	58880	----a-w-	c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22	486912	----a-w-	c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22	339968	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22	14336	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22	14336	----a-w-	c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21	326656	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2011-10-26 01:21	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2011-10-26 01:21	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-10-26 01:21	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2011-10-26 01:20	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:16 . 2011-10-26 01:16	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-10-26 01:16 . 2011-10-26 01:16	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-10-26 01:15 . 2011-10-26 01:15	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-10-25 20:21 . 2011-10-25 20:21	66560	----a-w-	c:\windows\system32\OpenVideo64.dll
2011-10-25 20:21 . 2011-10-25 20:21	56832	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2011-10-25 20:21 . 2011-10-25 20:21	66560	----a-w-	c:\windows\system32\OVDecoder64.dll
2011-10-25 20:21 . 2011-10-25 20:21	56832	----a-w-	c:\windows\SysWow64\OVDecoder.dll
2011-10-25 20:21 . 2011-10-25 20:21	16991744	----a-w-	c:\windows\system32\amdocl64.dll
2011-10-25 20:20 . 2011-10-25 20:20	13950464	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-10-22 11:21 . 2011-10-22 11:21	71680	----a-w-	c:\windows\system32\frapsv64.dll
2011-10-22 11:21 . 2011-10-22 11:21	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2011-10-18 01:43 . 2011-10-18 01:43	203320	----a-w-	c:\windows\system32\drivers\ssudserd.sys
2011-10-18 01:43 . 2011-10-18 01:43	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2011-10-18 01:43 . 2011-10-18 01:43	95928	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 ALSysIO;ALSysIO;c:\users\AFFENJ~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 cpuz130;cpuz130;c:\users\AFFENJ~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\DDE2.tmp [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-01 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 16:23]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 16:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = fritz.box
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Affenjunge\AppData\Roaming\Mozilla\Firefox\Profiles\6mi3szty.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DDE2.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1946644068-12885462-1039592219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1946644068-12885462-1039592219-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-10  20:33:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-10 19:33
.
Vor Suchlauf: 11 Verzeichnis(se), 286.642.040.832 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 286.456.086.528 Bytes frei
.
- - End Of File - - A48085D6C6D7640CF9288D35703E3E4D

--- --- ---

Übrigens hat mir avast das hier nach dem runterladen von CF ausgepuckt.

Infektions-Details:
URL: hxxp://download.bleepingcomputer.com/pro...
Prozess: file://C:\Program Files (x86)\Mozilla Fi...
Infektion: win32:Rootkit-gen [Rtk]

Ist das normal ?

Gruß,
Affe

cosinus · 10.01.2012, 21:41

Zitat:

Übrigens hat mir avast das hier nach dem runterladen von CF ausgepuckt.

Du bist heute schon der 20. der das fragt
Es steht so ziemlich alles im Leitfaden von CF, auch dass man Virenscanner deaktivieren soll bevor man das startet denn wie du siehst melden die darin zu oft Fehlalarme!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Affenjunge86 · 11.01.2012, 23:11

Hallo,

Zitat:

Du bist heute schon der 20. der das fragt
Es steht so ziemlich alles im Leitfaden von CF, auch dass man Virenscanner deaktivieren soll bevor man das startet denn wie du siehst melden die darin zu oft Fehlalarme!

Sorry. Dann hab ich wohl nicht richtig geguckt . Avast war natürlich während dem Scan aus.

Hier die aswMBR Log:

Code:

ATTFilter

 
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-11 22:51:44
-----------------------------
22:51:44.314    OS Version: Windows x64 6.1.7601 Service Pack 1
22:51:44.315    Number of processors: 2 586 0xF0B
22:51:44.316    ComputerName: AFFENJUNGE-PC  UserName: Affenjunge
22:51:45.478    Initialize success
22:51:45.551    AVAST engine defs: 12011101
22:52:31.341    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
22:52:31.343    Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
22:52:31.350    Disk 0 MBR read successfully
22:52:31.352    Disk 0 MBR scan
22:52:31.355    Disk 0 Windows 7 default MBR code
22:52:31.357    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:52:31.371    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       499899 MB offset 206848
22:52:31.374    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       453868 MB offset 1024000000
22:52:31.377    Service scanning
22:52:33.724    Modules scanning
22:52:33.727    Disk 0 trace - called modules:
22:52:33.808    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
22:52:33.811    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80060646d0]
22:52:33.816    3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa8005ee1e40]
22:52:33.821    5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa8005ee3060]
22:52:34.477    AVAST engine scan C:\Windows
22:52:35.869    AVAST engine scan C:\Windows\system32
22:53:26.834    AVAST engine scan C:\Windows\system32\drivers
22:53:33.151    AVAST engine scan C:\Users\Affenjunge
22:55:32.757    AVAST engine scan C:\ProgramData
22:56:06.252    Scan finished successfully
23:02:33.017    Disk 0 MBR has been saved successfully to "C:\Users\Affenjunge\Desktop\MBR.dat"
23:02:33.022    The log file has been saved successfully to "C:\Users\Affenjunge\Desktop\aswMBR.txt"

Quicksan war ja richtig oder?

Gruß,
Affe